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Installing, Configuring and Administering 
Microsoft Windows 2000 Professional Concepts 

Installing Windows 2000 Professional 

Requirements: 

(http://www.microsoft.eom/windows2000/upgrade/upgradereqs/default.asp) 

Windows 2000 Professional 

133 MHz or higher Pentium-compatible CPU. 

64 MB RAM minimum. 4 GB RAM maximum 

2 GB hard disk with a minimum of 650 MB of free space. (Additional free hard disk space 
is required if you are installing over a network.) 

Network Adapter Card 

Video display adapter and monitor with VGA or higher resolution 
Support for up to 2 processors. 

Windows 2000 Server 

133 MHz or higher Pentium-compatible CPU. 

128 MB RAM minimum (4GB Maximum) 256 min recommended. 

2 GB hard disk with a minimum of 1 GB of free space. (Additional free hard disk space is 
required if you are installing over a network.) 

Network Adapter Card 

Video display adapter and monitor with VGA or higher resolution 
Support for up to 4 processors. 

Windows 2000 Advanced Server 

133 MHz or higher Pentium-compatible CPU. 

128 MB RAM minimum (8GB Maximum) 256 min recommended. 

2 GB hard disk with a minimum of 1 GB of free space. (Additional free hard disk space is 
required if you are installing over a network.) 

Network Adapter Card 

Video display adapter and monitor with VGA or higher resolution 
Support for up to 8 processors. 

Pre-Installation Activities: 

Prior to installing Win2000, the following tasks must be performed: 

• Ensure all hardware requirements are met. 

• Determine if hardware is on the Hardware Compatibility List (HCL). 

• Determine how you want to partition the hard disk where Win2000 will be installed. 

• Choose a file system for the installation partition. 

• Choose a licensing mode for a server that will be running Win2000. 

• Identify whether the computer will join a domain or a workgroup. 

• Run the Win2000 Upgrade Compatibility Verification tool. 
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Attended Installation: 

Four stages of Setup: Setup Program, Setup Wizard, Installing Networking, Complete Setup. 

1 . Setup Program: Loads Setup program into memory. Starts text-based Setup program. 
Creates Win2000 partition. Formats partition. Copies setup files to hard disk. Re- 
boots computer. 

2. Setup Wizard: Graphical user interface for installation information (e.g. product key, 
names, passwords). 

3. Install Windows Networking: Detection of adapter cards, installation of default net- 
working components; Client for MS Networks, File and Printer Sharing for MS Net- 
works and TCP/IP protocol. Join a workgroup or domain. Installation of components. 

4. Complete Setup: Copy files. Configure the computer. Save the configuration. Re- 
moval of temporary files. 

Installing from CD-ROM: 

• Does not require floppies. 

• To make boot floppies, type MAKEBOOT A: in the \bootdisk directory of the installation 
CD. 

• If installing using a MS-DOS or Win95/98 boot floppy, run WINNT.EXE from the i/386 
to begin Windows 2000 setup. 

Installing over a Network: 

• 685 MB minimum plus lOO-i- MB free hard drive space for temporary files created during 
installation. 

• Create a Distribution Server with a file share containing the contents of the /i386 direc- 
tory from the Windows 2000 CD-ROM. 

• Boot the network client. Connect to the distribution server. Run WINNT.EXE. Boot 
from the Setup boot disks. Install Windows 2000. Run WINNT32.EXE if upgrading a 
previous version of Windows. 

WINNT.EXE command line switches 



Switch 


Eunction 


/a 


Enables accessibility options. 


le:command 


Specifies the command to b executed at the end of GUI setup. 


Iv.injfile 


Specifies the file name (no path) of the setup information file. 
Default is DOSNET.INE. 


/r[:folder] 


Specifies optional folder to be installed. 


/rx[: folder] 


Specifies optional folder to be copied. 


/s[:sourcepath] 


Specifies source location of Windows 2000 files. Eull path or 
network share. 


/t[:tempdrive] 


Specifies drive to hold temporary setup files. 


/u[:answer file] 


Specifies unattended setup using answer file (requires /s). 


/udf:/d[,UDE_/z7e] 


Establishes ID that Setup uses to specify how a UDE file modi- 
fies an answer file. 
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Unattended installations: 

• Unattended installations use an answer file to provide information during the setup proe- 
ess. 

• Answer files are ereated using the Setup Manager Wizard or a text editor. 

Domains, Trusts and AD 

Active Directory 

Active Directory is a hierarchical database of all objects in the entire enterprise. It includes 
users, groups, domain controllers, printers, computers, contacts, shared folders, and organ- 
izational units. AD uses TCP/IP as its network protocol. All Win2000 computers can use 
AD by default. Non-Win2000 computers can still log onto the domain, but cannot use AD 
features. They must use a Directory Services add-on client (DSCLIENT.EXE). 

Domains 

Domains are now a hierarchical model with a parent domain and child domains under it. A 
single domain tree consists of a parent domain and all of its child domains. Multiple trees in 
the same AD are called a forest. Domains are named in accordance with the Internet’s Do- 
main Name System standard. If the parent (root) domain is called “troytec.com”, a child may 
be called “support.troytec.com”. 

Global Catalog 

To facilitate finding objects in the AD, the Global Catalog is used. It is an index of all ob- 
jects published in the AD. A Global Catalog can only exist on a domain controller. 

Forest 

A Eorest defines the outside perimeter of the Windows 2000 Active Directory. It is also 
called an enterprise. Within the forest are trees, and within the trees are domains. 

Organizational Units 

OUs are sub-domains that contain AD objects. They are groups by similar function or geo- 
graphical locations. They exist to delegate administrative authority and to group policy ap- 
plication. 

Deploying Windows 2000 Using Remote Installation Services (RIS): 

Allows administrators to install Win2000 Professional on client computers from a central 
location. RIS server can be a domain controller or a member server. 

RIS Server requirements: 

• DNS Server Service 

• DHCP Server Service 

• Active Directory 

• Minimum of 2 GB of disk space. Two hard disk partitions for the Operating System and 
for the images. Image partition must be formatted with NTES. RIS cannot be installed on 
the system, boot partition, or on an EPS volume or DPS shared folder. 
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Setting up RIS Server: 

• Install Remote Installation Services by using Windows Control Panel, Add/Remove Pro- 
grams, Windows Components. 

• Start the RIS Setup Wizard by running RISETUP. Specify the Remote Installation Folder 
Location. To build the initial CD-based image, specify the location of the Win2000 Pro- 
fessional source files. Inside the RIS folder, indicate where the CD image will be stored. 
Provide a friendly text name for the CD-based image. 

• Setup Wizard will then create the folder structure, copy source files to the server, create 
the CD-based Win2000 Professional image and the default answer file, RISTAN- 
DARD.SIF, and start the RIS services on the server. 

• To authorize the server, open Administrative Tools, DHCP. Right-click DHCP, choose 
Manage Authorized Servers. Click Authorize and enter the name or IP of the RIS server. 

• Configure your RIS Server to respond to client requests. 

• Assign users/groups that will be performing RIS Installations permissions to Create 
Computer Objects in Active Directory. 

• Client Computer Naming Format is defined through Active Directory Users and Comput- 
ers. Right-click RIS Server and click Properties, Remote Install, Advanced Settings, New 
Clients. Either choose a pre-defined format or create a custom one. 

• Associate an answer file (.SIF) with your image. 

RIS Client requirements: 

• Must have a network adapter, or a 3 1/2" floppy drive and PCI network adapter supported 
by the RIS Startup Disk utility's list of supported adapters. 

• Client machine must meet minimum hardware requirements for Windows 2000 Profes- 
sional and must use the same Hardware Abstraction Layer (HAL). 



Troubleshooting Remote Installations: 



Symptom 


Solution 


Client cannot connect to RIS Server 
using the Startup disk 


Verify correct network adapter driver in 
RBFG.EXE. 


Computer displays a BootP message 
but does not display the DHCP mes- 
sage 


Verify if it can obtain an IP address. Ensure the 
DHCP server is online, is authorized, has a valid 
IP address scope. Ensure DHCP packets are 
being routed. 


Computer displays the DHCP mes- 
sage but does not display the Boot 
Information Negotiations Layer 
(BINE) message 


Verify the RIS server is online and authorized. 
Verify DHCP packets are being routed. 


Installation options you expected are 
not available 


Verify another Group Policy Object did not take 
precedence over your GPO. 


System is unable to connect to RIS 
server, but BINE message is dis- 
played 


Restart the NetPC Boot Service Manager 
(BINLSVC) on the RIS Server. 
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Miscellaneous: 

• The answer file (.SIF) supports the new [Remotelnstall] section. By setting the repartition 
parameter to yes, the install will delete all partitions on the client computer and reformat 
the drive with one NTFS partition. 

• The Remote Boot Floppy Generator utility (RBFG.EXE) only works on Windows 2000 

systems. To create boot floppies, click Start, Run. Enter 

\\R/SServerA^ame\REMINST\ADMIN\I386\RBEG.EXE. 

• RIPrep images cannot be created on a server unless it already has an existing CD-based 
image. 

Upgrading from Previous Versions: 

• Run WINNT32.EXE for upgrading from a previous version of Windows. 

• Windows 2000 will upgrades support: Windows 95 and 98, Windows NT Workstation 
3.51 and 4.0, and Windows NT 3.1 or 3.5 (must be upgraded to NT 3.51 or 4.0 first, then 
Professional). 

• Run WINNT32 /CHECKUPGRADEONEY to check for compatible hardware and soft- 
ware. A report will be generated indicating which system components are Windows 2000 
compatible. 

• All operating system files associated with Windows 95/98 will be deleted after an up- 
grade. 

Troubleshooting Failed Installations: 

Common errors: 



Problem 


Possible fix 


Cannot contact domain controller 


Ensure network cable is connected. Verify that servers 
running DNS and a domain controller are both on-line. 
Make sure all network settings are correct. 


Dependency service will not start 


Verify correct protocol and network adapter in the Net- 
work Settings. 


Error loading operating system 


Disk geometry is reported incorrectly on a NTES parti- 
tion. Use a partition less than 4 GB or use a EAT32 par- 
tition. 


Insufficient disk space 


Create a new partition or reformat an existing partition 
to free up space. 



Implementing and Conducting Administration of Resources: 

Choosing a file system: 

• NTES provides optimum security and reliability by securing individual files and folders 
on a user by user basis. Eeatures include disk compression, disk quotas and encryption. 

• EAT and EAT32 are used for dual booting between Windows 2000 and other operating 
systems. If the partition size is less than 2 GB, setup will format the partition as EAT. If 
greater than 2 GB, it will be formatted as EAT32. 
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• Existing NT 4.0 NTFS system partition will be upgraded to Windows 2000 NTFS auto- 
matically. If you are dual booting between NT 4.0 and 2000, you must install Service 
Pack 4 on the NT 4.0 machine first. 

Disk Quotas 

By default, only member of the Administrators group can view and change quota set- 
tings. Users can be allowed to view quota settings. Volume usage can be monitored on a 
per-user basis. Disk usage is based on file and folder ownership. Quotas do not use 
compression. Free space for applications is based on a quota limit. Quotas can be ap- 
plied only to volumes formatted with NTFS that use Windows 2000. A quota warning 
should be set to log an event indicating that the user is nearing his limit. An event should 
be logged when a user exceeds a specified disk space threshold. 

NTFS File and Folder Permissions: 

File attributes within a partition or between partitions: 







Copying within a partition 


Inherits the target folders permissions. 


Moving within a partition 


File keeps its original permissions. 


Moving across partitions 


Inherits the target folders permissions. 



• The CACFS.EXE utility is used to modify NTFS volume permissions. 

• File permissions override the permissions of its parent folder. 

• Files moved from an NTFS partition to a FAT partition do not retain their attributes, but 
retain their long filenames. 

• Permissions are cumulative, except for No Access, which overrides everything. 

Local and Network Print Devices: 

• Windows 2000 Professional supports: Fine Printer (FPT), COM, USB, IEEE 1394, and 
network attached devices. 

• Print services can only be provided for Windows and UNIX clients on Windows 2000 
Professional. 

• Windows 2000 Professional automatically downloads the printer drivers for clients run- 
ning Win2000, WinNT 4, WinNT 3.51 and Windows 95/98. 

• Windows 2000 Server is required to support Apple and Novell clients. 

• Print Pooling allows two or more identical printers to be installed as one logical printer. 

• Internet Printing allows you to enter the URF where the printer is located. The print 
server must be a Windows 2000 Server running Internet Information Server or a Win- 
dows 2000 Professional system running Personal Web Server. Shared printers can be 
viewed at: http://servemame/printers. 

• Print Priority is set by creating multiple logical printers for one physical printer and as- 
signing different priorities to each. Priority ranges from 1, the lowest (default) to 99, the 
highest. 

• To fix a stalled spooler, stop and restart the spooler services in the Services applet in 
Administrative Tools in the Control Panel. 
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• Availability option allows Administrator to specify the hours the printer is available. 

Managing File Systems: 

Windows 2000 supports Basic and Dynamic storage. Basic storage divides a hard disk 
into partitions. It can contain primary partitions, extended partitions and logical drives. 
Basic volumes cannot be created on dynamic disks. Basic volumes should be used when 
dual-booting between Windows 2000 and DOS, Windows 3.x, Windows 95/98 and all 
version of Windows NT. 

Dynamic storage allows you to create a single partition that includes the entire hard disk. 
Dynamic disks are divided into volumes which can include portions of one, or many, 
disks. You do not need to restart the operating system after resizing. 

Volume Types: 



Volume Type Characteristics 


Simple volume 


Contains space from a single disk 


Spanned volume 


Contains space from multiple disks (maximum of 32). Fills one volume 
before going to the next. If a volume in a spanned set fails, all data in the 
spanned volume set is lost. Performance is degraded as disks in spanned 
volume set are read sequentially. 


Striped set 


Contains free space from multiple disks (maximum of 32) in one logical 
drive. Increases performance by reading/writing data from all disks at 
the same rate. If a disk in a stripe set fails, all data is lost. 



Dynamic Volume Limitations: 

• A boot disk that has been converted from basic to dynamic cannot be converted back to 
basic. 

• Not supported on portable computers or removable media. 

• Cannot be directly accessed by DOS, Win95/98 or any versions of Windows NT if you 
are dual-booting. 

• Dynamic volumes which were upgraded from basic disk partitions cannot be extended. 
Volumes created after the disk was upgraded to dynamic can be extended. 

• When installing Windows 2000, if a dynamic volume is created from unallocated space 
on a dynamic disk, Windows 2000 cannot be installed on that volume. 

Disk Management on a Remote Computer: 

You must create a custom console focused on another computer. Choose Start, Run and 
type MMC. Choose Add/Remove Snap-in. Click Add. Click Disk Management then click 
Add. When Choose Computer dialog box appears choose the remote system. 

Windows 2000 supports disk-based quotas. Quotas can be set on NTFS volumes, but not 
on FAT or FAT32 volumes. Quotas cannot be set on individual folders within a NTFS 
partition. 
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Using the Disk Management Snap-in Tool: 

• The default is Basie storage when adding a new disk. 

• You must ehoose Rescan Disks when you remove or add a new disk. 

• Use Import Foreign Disk for disks that have been removed from another computer. 

• Upgrading from Basic to Dynamic storage requires at least 1 MB of unallocated space. 

Implementing, Managing, and Troubleshooting Hardware Devices and Driv- 
ers: 

Display devices: 

• Monitors are installed, removed, and drivers are updated through Monitors under the De- 
vice Manager. Windows 2000 Professional supports multiple monitors running concur- 
rently. 

• Use Display Adapters under the Device Manager to install, remove and update drivers. 

• Desktop display properties are managed through the Display applet in Control Panel. 

Disk devices: 

• Use Disk Management to create, delete, and format partitions as FAT, FAT32 and NTFS. 
Used to change volume labels, reassign drive letters, check drives for errors and backup 
drives. 

• To Manage disk devices, use Control Panel, Administrative Tools, Computer Manage- 
ment or by creating a custom console and adding the Disk Management snap-in. The 
Computer Management snap-in for your custom console enables Disk Management, Disk 
Defragmenter, Logical Drives and Removable Storage. There is a separate snap-in for 
each of these tools except for Logical Drives. 

Mobile computer hardware: 

• PCMCIA (PC Card) adapters, USB ports, IEEE 1394 (EireWire), and Infrared devices 
are supported through Device Manager. 

• SmartCards and Encrypting Eile System decrease the likelihood of confidential data be- 
ing compromised if the computer is stolen or lost. 

• Support is provided for Advanced Power Management (APM) and Advanced Configura- 
tion and Power Interface (ACPI). 

• Hibernation (complete power down while maintaining state of open programs and con- 
nected hardware) and Suspend (sleep with some power) modes are supported for extend- 
ing battery life. 

• Use hardware profiles for mobile computers. Accessed through Control Panel, System 
applet. Hardware tab. Hardware Profiles. Multiple profiles can be created and designated 
as a docked or undocked portable computer. 

Managing/configuring multiple CPUs: 

• Windows 2000 Professional supports a maximum of two CPUs. 

• Windows 2000 supports Symmetric Multiprocessing (SMP). Processor affinity is also 
supported. Asymmetric Multiprocessing (ASMP) is not supported. 

• Upgrading to multiple CPUs might increase the load on other system resources. 
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• Update your Windows driver to convert your system from a single to multiple CPUs. 
This is done through Device Manager, Computer, Update Driver. 

Updating drivers: 

• Driver Verifier is used to troubleshoot and isolate driver problems. It must be enabled 
through changing a Registry setting. The Driver Verifier Manager, VERIFIER.EXE, pro- 
vides a command- line interface for working with Driver Verifier. 

Installing and Managing Network Adapters: 

• Adapters are installed using the Add/Remove Hardware applet in Control Panel. 

• Change the binding order of protocols and the Provider order using Advanced Settings 
under the Advanced menu of the Network and Dial-up Connections window. Access by 
right-clicking on My Network Places icon. 

Startup and Recovery Settings: 

• Use DUMPCHK.EXE to examine contents of MEMORY. DMP. 

• Accessed through Control Panel, System applet. Advanced tab. Startup and Recovery. 

• Memory dumps are always saved with the filename MEMORY.DMP. 

• A paging file must be on the system partition and the pagefile itself at least 1 MB larger 
than the amount of RAM installed for Write debugging information option to work. 

Running the Recovery Console: 

To install the Recovery Console, run WINNT32 /CMDCONS from the Windows 2000 CD 
i386 folder. 

• Can be used to disable services that prevent Windows from booting properly. 

• When starting Recovery Console, you must log on as Administrator. 

• Allows you to boot to a DOS prompt when your file system is formatted with NTFS. 

Emergency Repair Disk: 

Use the Backup utility to create an emergency repair disk. To create an ERD, from the 
Start menu, select Programs, Accessories, System Tools, Backup. Click Emergency Re- 
pair Disk. Insert a blank formatted floppy into the A: drive. Select the Also Backup The 
Registry To The Repair Directory (%systemroot%\repair\regback) check box. Click OK. 
ERD contains AUTOEXEC.NT, CONFIG.NT and SETUP.LOG. 

Monitoring and Optimizing System Performance and Reliability: 

Windows Signature Verification: 

• Run SIGVERIF to launch File Signature Verification. 

• Saves search results to SIGVERIF.TXT. 

Using offline files: 

By default, offline files are stored in the %systemroot%\CSC directory. Share a folder 
and set its caching to make it available offline. 
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Using Synchronization Manager, you can specify which items are synchronized, using 
which network connection and when synchronization occurs (at logon, logoff, and when 
computer is idle). 

Encrypted files (EES) provides 56-bit (standard) encryption for data in NTES files. It is 
public key based, and runs as an integrated system service. If a user has a private key to 
an encrypted NTES file, the user can edit the file as a normal document. Encrypted files 
cannot be shared. EES files are NOT encrypted in the offline cache. You must be a mem- 
ber of the Administrators group to view the offline cache (on an NTES volume). Eile and 
folder permissions still apply in the offline cache, even when it is located on a EAT or 
EAT32 volume. 

Hardware profiles: 

• Created to store different sets of configuration settings, usually used with portables. 

• Profiles are created through Control Panel, System applet. Hardware tab. Hardware Pro- 
files 

Data recovery: 

• Windows 2000 Backup is launched through Control Panel, System applet. Backup or by 
running NTBackup from the Start menu. 

• Users can back up their own files and files they have read, execute, modify, or have full 
control permission for. 

• Users can restore files they have write, modify or full control permission for. 

• Administrators and Backup Operators can backup and restore all files regardless of per- 
missions. 







Copy 


All selected files and folders are backed up. Archive attribute is not 
cleared (fast for restoring) 


Daily 


All selected files and folders that have changed throughout the day are 
backed up. Archive attributes are ignored during the backup and are not 
cleared afterwards 


Differential 


Only selected files and folders that have their archive attribute set are 
backed up but archive attributes are not cleared 


Incremental 


Only selected files and folders that have their archive attribute set are 
backed up and then archive markers are cleared 


Normal 


All selected files and folders are backed up. Archive attribute is cleared 
if it exists (fast for restoring) 



Configuring and Troubleshooting the Desktop Environment: 

User profiles: 

• When a user logs onto a client computer running Win2000 Pro, the user will receive their 
individualized desktop settings and all of their network connections regardless of how 
many users share the same computer. 
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• A user can change their user profile by changing their desktop settings. When they log 
off, Windows 2000 incorporates the changes into their user profile. 

• Setting a profile as mandatory forces Windows to discard any changes made during the 
session so the next time the user logs on, the session remains unchanged from their last 
login. 

• User profiles are stored in the %systemroot%\Documents and Settings\%username% 
folder in a new install of Win2000. When upgraded from NT 4.0, they are stored in 
%systemroot%\Profiles\%usemame%. 

• Roaming profiles are used in Windows 2000 domains for users who move from one 
computer to another but require a consistent desktop environment. 

Multiple languages and locations: 

Changed through the Regional Options applet in Control Panel. To add more locales, use Re- 
gion Options, Input Locale, Add. 

To see the available languages and the current default, from the Regional Options applet. 

General tab, check the “Your System is Configured to Read and Write Documents in Multi- 
ple Languages” ListBox. 

Managing and Troubleshooting Software Using Group Policies 

Deploying software Using Group Policies: 

• The software life cycle consists of four phases. Preparation, Deployment, Maintenance, 
and Removal. 

• Windows Installer packages are recognized by their .MSI file extension. 

• Integrates software installation into Windows 2000 so that it is centrally controlled, dis- 
tributed, and managed from a central-point. 

Maintaining Software Using Group Policies: 

• A software package is installed on a Windows 2000 Server in a shared directory. A 
Group Policy Object (GPO) is created. Behavior filters are set in the GPO to determine 
who gets the software. The package is then added to the GPO under User Configuration, 
Software Settings, Software Installation. Then, select the publishing method. 

• Set up Application Categories in Group Policy, computer or user configuration. Software 
Settings, Software Installation (right-click). Properties, Categories, Add. Creating logical 
categories helps users locate the software they need under Add/Remove Programs on 
their client computer. 

• When upgrading deployed software, AD can either uninstall the old application first or 
upgrade over the top of it. 

• Selecting the “Uninstall this application when it falls out of the scope of management” 
option forces removal of software when a GPO no longer applies. 

Configuring Deployment Options: 

• You can assign or publish software packages. 

• Software that is assigned to a user has a shortcut appear on a user's Start, Programs menu, 
but is not installed until the first time they use it. Software assigned to a computer is in- 
stalled the next time the user logs on regardless of whether or not they run it. 
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• When software is assigned to a user, the new program is advertised when a user logs on, 
but is not installed until the user starts the application from an icon or double-click a file- 
type associated with the icon. Software assigned to a computer is not advertised - the 
software is installed automatically. When software is assigned to a computer it can only 
be removed by a local administrator. Users can repair software assigned to computers, 
but not remove it. 

• Published applications are not advertised. They are only installed through Add/Remove 
Programs in the Control Panel or through invocation. Published applications lack resil- 
iency (do not self-repair or re-install if deleted by the user). Finally, applications can only 
be published to users, not computers. 

• With invocation, when a user double-clicks on an unknown file type, the client computer 
queries Active Directory to see what is associated with the file extension. If an applica- 
tion is registered, AD checks to see if it has been published to the user. If it has, it checks 
for the auto-install permission. If all conditions are met, the application is installed. 

• Non-MSI programs are published as .ZAP files. They cannot take advantage of MSI fea- 
tures such as elevated installation privileges, rolling back an unsuccessful installation, in- 
stalling on first use of software or feature, etc. .ZAP files can only be published, not as- 
signed. 

• When software requires a CD key during installation, it can be pushed down with the in- 
staller package by typing misexec /a <path to .msi file> PIDKEY="[CD-/ircy]" 

• Modifications are created using tools provided by the software manufacturer and produce 
.MST files which tell the Windows Installer what is being modified during the installa- 
tion. .MST files must be assigned to .MSI packages at the time of deployment. 

• Patches are deployed as .MSP files. 

Configuring and Troubleshooting Desktop Settings: 

Desktop settings can be configured using the Display applet in Control Panel or by right 
clicking on a blank area of the desktop and selecting Properties. 

Users can change the appearance of the desktop, desktop wallpaper, screen saver settings 
and more. 

Fax support: 

• If a fax device (modem) is installed, the Fax applet appears in Control Panel. 

• Use the Fax applet to setup rules for how the device receives faxes, number or retries 
when sending, where to store retrieved and sent faxes, user security permissions, etc. 

• The Fax printer in your printer folder cannot be shared. 

• If the Advanced Options tab is not available in the Fax applet log off then log back on as 
Administrator. 

Accessibility services: 

• Accessibility Wizard is used for deploying accessibility features to users who require 
them. Define the settings you want to deploy and, on the Save Settings to File page, save 
them to a file that has the .ACW extension. Place the file on a network share and modify 
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each user's login script so that it imports the settings. The command to import the file is 
this: %SystemRoot%\System32\Accwiz.exe filename. 

• Utility Manager enables users to check an Accessibility program's status, and start or stop 
an Accessibility program. Administrators can designate to have the program start when 
Windows 2000 starts. Built-in programs include Magnifier, Narrator, and On-Screen 
Keyboard. 

• By default, automatic reset for accessibility options is disabled. When enabled, accessi- 
bility options will be turned off if they have not been used for a pre-defined period of 
time. 

• SoundSentry displays visual warnings when your computer makes a sound. 

• FilterKeys tells the keyboard to ignore brief or repeated keystrokes. 

• Sticky Keys allows you to press multiple key combinations (CTRL-ALT-DEL) one key at 
a time. 

• ShowSounds forces programs to display captions for the speech and sounds they make. 

• MouseKeys lets you control the mouse pointer with the numeric keypad. 

• Magnifier magnifies a portion of the desktop. 

• Narrator reads menu options aloud using speech synthesis. 

Implementing, Managing, and Troubleshooting Network Protocols and 
Services: 

TCP/IP protocol: 

• TCP/IP protocol is required for communicating with UNIX hosts. 

• It is routable and works over most network topologies. 

• Installed by default in Windows 2000. 

• Can be used to connect dissimilar systems. 

• Uses Microsoft Windows Sockets interface. 

• IP addresses can be entered manually or provided automatically by a DHCP server. 

Configuring DHCP to Allow Dynamic Updates: 

You must configure the DHCP server to perform dynamic updates. To do so, on the 
DNS tab of the Properties dialog box for a DHCP server, select Automatically Update 
DHCP Client Information In DNS. You must also specify; Update DNS Only If DHCP 
Client Requests, or Always Update DNS. Additional options include Discard Forward 
Lookups When Lease Expires, and Enable Updates For DNS Client That Do Not Support 
Dynamic Update. 

Automatic Private IP Addressing: 

When “Obtain an IP Address Automatically” is enabled, but the client cannot obtain an IP 

address. Automatic Private IP addressing takes over. 

• IP address is generated in the form of 169.254.x.y (x.y is the computer's identifier) and a 
16-bit subnet mask (255.255.0.0). 

• The computer broadcasts this address to its local subnet. 

• If no other computer responds to the address, the first system assigns this address to it- 
self. 
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• When using the Auto Private IP, it can only communicate with other computers on the 
same subnet that also use the 169.254.x.y range with a 16-bit mask. 

• The 169.254.0.0 - 169.254.255.255 range has been set aside for this purpose by the Inter- 
net Assigned Numbers Authority. 

Services for UNIX 2.0: 

• Windows 2000 uses CIFS (Common Internet File System) which is an enhanced version 
of the SMB (Server Message Block) protocol. 

• UNIX uses NFS (Network File System). 

• FTP support has been added to Windows Explorer and to Internet Explorer 5.0 allowing 
users to browse ETP directories as if they were a local resource. 

• Install SNMP for Network Management (HP, OpenView, Tivoli and SMS). 

• Print Services for UNIX allows connectivity to UNIX controlled Printers (EPR). 

• Simple TCP/IP Services provides Echo, Quote of Day, Discard, Daytime and Character 
Generator. 

Client for NFS: 

• Installs a full Network Eile System (NES) client that integrates with Windows Explorer. 

• Places a second Telnet client on your system that uses NTEM authentication instead of 
clear text. 

• Users can browse and map drives to NES volumes and access NES resources through My 
Network Places. Microsoft recommends this over installing Samba (SMB file services for 
Windows clients) on your UNIX server. 

• NES shares can be accessed using standard NES syntax (servemame:/pathname) or stan- 
dard UNC syntax (\\servemame\pathname) 

T roubleshooting : 

• Common TCP/IP problems are caused by incorrect subnet masks and gateways. 

• Check DNS settings if an IP address works but a hostname won't. 

• The Ping command tests connections and verifies configurations. 

• The Tracert command checks a route to a remote system. 

• Use IPConfig and IPConfig /all to display current TCP/IP configuration. 

• Use Nets tat to display statistics and connections for TCP/IP protocol. 

• Use NBTStat to display statistics for connections using NetBIOS over TCP/IP. 

NWLink (IPX/SPX) and NetWare Interoperability: 

• NWEink is used by NT to allow NetWare systems to access its resources. 

• To allow file and print sharing between NT and a NetWare server, CSNW (Client Serv- 
ices for NetWare) must be installed on the NT system. In a NetWare 5 environment, the 
Microsoft client does not support connection to a NetWare Server over TCP/IP. You will 
have to use IPX/SPX or install the Novell NetWare client. 

• Gateway Services for NetWare can be implemented on your NT Server to provide an MS 
client system to access your NetWare server by using the NT Server as a gateway. Erame 
types for the NWEink protocol must match the computer that the NT system is trying to 
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connect with. Mismatching frame types will cause connectivity problems between the 
two systems. 

• When NWLink is set to auto-detect the frame type, it will only detect one type and will 
go in this order: 802.2, 802.3, ETHERNET II and 802.5 (Token Ring). 

• NetWare 3 servers uses Bindery Emulation (Preferred Server in CSNW). NetWare 4.x 
and higher servers use NDS (Default Tree and Context.) 

• There are two ways to change a password on a NetWare server - SETPASS.EXE and the 
Change Password option (from the CTRE-AET-DEE dialog box). The Change Password 
option is only available to NetWare 4.x and higher servers using NDS. 

Other protocols: 

• DEC is a special-purpose, non-routable protocol used by Windows 2000 to talk with IBM 
mainframes, AS400s and Hewlett Packard printers. 

• AppleTalk must be installed to allow Windows 2000 Professional to communicate with 
Apple printers. Pile and Print Services for Macintosh allows Apple Clients to use re- 
sources on a Microsoft Network. 

• NetBEUI is used solely by Microsoft operating systems and is non-routable. 

Remote Access Services (RAS): 

Authentication protocols: 

• RADIUS - Remote Authentication Dial-in User Service. Provides authentication and ac- 
counting services for distributed dial-up networking. 

• EAP - Extensible Authentication Protocol. Allows for an arbitrary authentication mecha- 
nism to validate a dial-in connection. Uses generic token cards, MD5-CHAP and TES. 

• EAP-TES - Transport Eevel Security. Primarily used for digital certificates and smart 
cards. 

• MD5-CHAP - Message Digest 5 Challenge Handshake Authentication Protocol. Encrypts 
usernames and passwords with an MD5 algorithm. 

• MS-CHAP (VI and 2) - Microsoft Challenge Handshake Authentication Protocol. En- 
crypts entire session, not just username and password. V2 is supported in Windows 2000 
and NT 4.0 and Win 95/98 (with DUN 1.3 upgrade) for VPN connections. MS-CHAP 
cannot be used with non-Microsoft clients. 

• CHAP - Challenge Handshake Authentication Protocol - encrypts user names and pass- 
words, but not session data. Works with non-Microsoft clients. 

• SPAP - Shiva Password Authentication Protocol. Used by Shiva EAN Rover clients. En- 
crypts password, but not data. 

• PAP - Password Authentication Protocol. Sends username and password in clear text. 

Dial-up networking: 

• Add new connections by using the Make New Connection wizard. 

• PPP is generally preferred because it supports multiple protocols, encryption, and dy- 
namic assignment of IP addresses. SEIP is an older protocol that only supports TCP/IP 
and is used for dialing into legacy UNIX systems. 

• Dial-up networking entries can be created for modem connections, EAN connections, di- 
rect cable connections and Infrared connections. 
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Virtual Private Networks (VPNs): 

• L2TP - Layer Two Tunneling Protocol. Creates a tunnel, but it does not provide data en- 
cryption. Security is provided by using an encryption technology like IPSec. 

• PPTP - Point to Point Tunneling Protocol. Creates an encrypted tunnel through an un- 
trusted network. 









Built-in encryption 


Yes 


No 


Header compression 


No 


Yes 


Transmits over IP-based 
internetwork 


Yes 


Yes 


Transmits over UDP, Erame 
Relay, X.25 or ATM 


No 


Yes 


Tunnel authentication 


No 


Yes 



Multilink Support: 

• Enabled from the PPP tab of the RAS Server Properties dialog box. 

• Multilinking allows you to combine two or more modems or ISDN adapters into one 
logical link with increased bandwidth. 

• BAP (Bandwidth Allocation Protocol) and BACP (Bandwidth Allocation Control Proto- 
col) enhance multilinking by dynamically adding or dropping links on demand. Settings 
are configured through RAS policies. 

Using Shared Resources on a Microsoft Network: 

The Administrators and Power Users groups can create shared folders on a Windows 
2000 Professional workstation. Windows 2000 creates administrative shared folders for 
administrative reasons. These shares are appended with dollar sign ($) which hides the 
share from users browsing the computer. The system folder (Admin$), the location of the 
printer drivers (Print$) and the root of each volume (C$, D$, etc.) are all hidden shared 
folders. 

Shared folder permissions apply only when the folder is accessed via the network. By de- 
fault, the Everyone group is assigned Eull Control for all new shared folders. Share level 
permissions can be applied to EAT, EAT32 and NTES file systems. 

Windows 2000 Professional is limited to 10 concurrent connections for file and print 
services. 

Implementing, Monitoring, and Troubleshooting Security: 

Active Directory: 

Active Directory (AD) services provide a single point of network management, allowing 
you to add, remove, and relocate resources. It offers centralized management, scalability 
and open standards support. 



16 



http ://www .troytec .com 





Active Directory Structure: 



Name 


Characteristic: 


Object 


A distinct named set of attributes that represent a network re- 
source such as a computer or a user account. 


Classes 


The logical groupings of objects such as user accounts, comput- 
ers, domains or organizational units. 


Organizational Unit 

(OU) 


Used to organize objects inside a domain into logical administra- 
tive groups such as computers, printers, files shares, and applica- 
tions. 


Domain 


Joining a domain requires a domain name, a computer account, 
and an available domain controller and a DNS server. All network 
objects exist within a domain with each domain storing informa- 
tion only about the objects it contains. ACLs contain the permis- 
sions associated with objects that control which users or types of 
users can access them. 


Tree 


A grouping or hierarchical arrangement of one or more Windows 
2000 domains that share a contiguous names space (e.g. sup- 
port.troytec.com, mcse.troytec.com, and mcsd.troytec.com). 


Forest 


A grouping or hierarchical arrangement of one or more domain 
trees that form a disjointed namespace. Domains in a forest oper- 
ate independently of each other, but the forest enables communi- 
cation across the domains. 


Sites 


Combination of one or more IP subnets connected by high-speed 
links. Not part of the AD namespace, and contains only computer 
objects and connection objects used to configure replication be- 
tween sites. 



Site Replication: 

• Active Directory information is replicated between Domain Controllers (DCs) and en- 
sures that changes to a domain controller are reflected in all DCs within a domain. A DC 
is a computer running Windows 2000 server which contains a replica of the domain di- 
rectory (member servers do not). 

• DCs store a copy of all AD information for their domain, manage changes to it and copy 
those changes to other DCs in the same domain. DCs in a domain automatically copy all 
objects in the domain to each other. When you change information in AD, you are mak- 
ing the change on one of the DCs. 

• DCs immediately replicate important changes to AD like a user account being disabled. 

• AD uses multimaster replication. No single DC is the master domain controller. All DCs 
within a domain are peers. 

• Having more than one DC in a domain provides fault-tolerance. If a DC goes down, an- 
other is able to continue authenticating logins and providing required services using its 
copy of AD. 
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Local user accounts: 

• Resides only on the computer where the account was created in its local security data- 
base. If computer is part of a peer-to-peer workgroup, accounts for that user will have to 
be created on each additional machine that they wish to log onto locally. Local accounts 
cannot access Windows 2000 domain resources and should not be created on computers 
that are part of a domain. 

• Domain user accounts reside in AD on domain controllers and can access all resources on 
a network that they have been granted privileges to. 

• Built in user accounts are Administrator (used for managing the local system) and Guest 
(for occasional users - disabled by default). 

• Usernames cannot be longer than 20 characters and cannot contain illegal characters. 

• User logon names are not case sensitive. Alphanumeric combinations are allowed. 

• Passwords can be up to 128 characters. 

• User accounts are added and configured through the Computer Management snap-in. 

• Creating and duplicating accounts requires username and password. Disabling an account 
is typically used when someone else will take the user's place or when the user might re- 
turn. 

• When copying a user account, the new user will stay in the same groups that the old user 
was a member of. The user will keep all group rights that were granted through groups, 
but lose all individual rights that were granted specifically for that user. 

Group Policy: 

Group Policies are a collection of user environment settings that are enforced by the op- 
erating system and cannot be modified by the user. User profiles refer to the environment 
settings that users can change. 

System Policy Editor (POLEDIT.EXE) 

Windows NT 4, Windows 95 and Windows 98 use the System Policy Editor (POLE- 
DIT.EXE) to specify user and computer configuration that is stored in the registry. 

• Are not removed when the policy ends. 

• Not secure because settings can be changed by a user with the Registry Editor (REGE- 
DIT.EXE). Settings are imported/exported using .ADM templates. 

• Windows 2000 comes with SYSTEM.ADM (system settings), INETRES.ADM (Internet 
Explorer settings). 

Group Policy snap-in (GPEDIT.MSC) 

Exclusive to Windows 2000 and supercedes the System Policy Editor. Uses Incremental Se- 
curity Templates. 

• Settings can be stored locally or in AD. They are secure and can only be changed by Ad- 
ministrators. 

• Should only be applied to Windows 2000 systems that have been clean installed onto an 
NTES partition. Only the Basic security templates can be applied to NTES computers that 
have been upgraded from NT 4.0. 

• Settings are imported/exported using .INE files. The Group Policy snap-in can be focused 
on a local or remote system. 
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Security Configuration: 

Security Configuration and Analysis snap-in is a stand-alone MMC snap-in that can con- 
figure or analyze Win2000 security based on contents of a security template created using 
Security Templates snap-in. The text-based tool can be run from the command line using 
SECEDIT.EXE. 

By default, Windows 2000 Professional doesn't require users to press CTRE-AET-DEE 
to logon. To increase security, disable this feature to force users to log on. To disable ac- 
cess to the workstation, but allow programs to continue running, use the Eock Worksta- 
tion option (from the CTRE-AET-DEE dialog box). To disable access to the workstation, 
and not allow programs to continue running, use the Eogoff option (from the CTRE- 
AET-DEE dialog box). To lock the workstation after a period of idle time, use a screen- 
saver password. 

Auditing can be enabled by clicking Start, Programs, Administrative Tools, Eocal Secu- 
rity Policy. In the Eocal Security Settings window, double-click Eocal Policies and then 
click Audit Policy. Highlight the event you want to audit and on the Action menu, click 
Security. Set the properties for each object as desired then restart computer for new poli- 
cies to take effect. 

To further enhance security, clear the Virtual Memory Pagefile when the system shuts 
down. By default it is not cleared, but this can be changed under Eocal Security Policy 
Settings and will prevent unauthorized person from extracting information from your 
system's pagefile. You can also prevent the last user name from being displayed at logon 
(Win2000 Pro does this by default). Use the Group Policy snap-in, Eocal Computer Pol- 
icy, to change this. When using Event Viewer, only local administrators can see the secu- 
rity log, but anyone (by default) can view other logs. 

Encrypting File System (EFS): 

• Designated Recovery Agents (by default, the Administrator) can recover encrypted data 
for the domain using AD and Certificate Server. 

• Encryption is transparent to the user. 

• Only works on Windows 2000 NTES partitions (NTES v5). 

• Uses public-key encryption. Keys that are used to encrypt the file are encrypted by using 
a public key from the user's certificate. The list of encrypted file-encryption keys is kept 
with the encrypted file and is unique to it. When decrypting the file encryption keys, the 
file owner provides a private key which only he has. 

• There can be more than one recovery agent, but at least one public recovery key must be 
present on the system when the file is encrypted. 

• If the owner has lost his private key, an appointed recovery system agent can open the 
file using his/her key instead. 

• EES resides in the Windows OS kernel and uses the non-paged memory pool to store file 
encryption keys. 

• Encrypted files can be backed up using the Backup Utility, but will retain their encrypted 
state as access permissions are preserved. 
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• Default encryption is 56-bit. North Americans can upgrade to 128-bit encryption. 

• Compressed files can't be encrypted and vice versa. 

• You can't share encrypted files. 

• Use the Cipher command to work with encrypted files from the command line. 

• Encrypted files are decrypted if you copy or move them to a FAT volume. 

• Cut and paste to move files into an encrypted folder - if you drag and drop files, the files 
are not automatically encrypted in the new folder. 

• The EFSINFORMATION.EXE utility in the Win2000 Resource Kit allows an adminis- 
trator to determine information about encrypted files 

IPSec: 

IPSec encrypts Transmission Control Protocol/Internet Protocol (TCP/IP) traffic within 
an Intranet, and provides the highest levels of security for VPN traffic across the Internet. 
IPSec is implemented using Active Directory or on a Windows 2000 machine through its 
Focal Security settings. It is not available for Windows 95/98 or Windows NT. IPSec is 
a protocol, not a service. It consists of two separate protocols. Authentication Headers 
(AH) and Encapsulated Security Payload (ESP). AH provides authentication, integrity 
and anti-replay but does not encrypt data and is used when a secure connection is needed 
but the data itself is not sensitive. ESP provides the same features plus data encryption 
and is used to protect sensitive or proprietary information but is associated with greater 
system overhead for encrypting and decrypting data. 

Supported IPSec authentication methods are Kerberos v5 Public Key Certificate Authori- 
ties, Microsoft Certificate Server, and Pre-shared Key. 

Before two computers can communicate they must negotiate a Security Association (SA). 
The SA defines the details of how the computers will use IPSec, with which keys, key 
lifetimes, and which encryption and authentication protocols will be used. When partici- 
pating in a Windows 2000 domain, IPSec policies are stored in Active Directory. Without 
AD, they are stored in these registry keys. 
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Installing, Configuring and Administering Windows 2000 Professional 

Exam Questions 

1. What is the compression attribute of an uncompressed file after it is moved within an 
NTFS partition to a compressed folder on a Win2000 Professional computer? 

A: The file remains uncompressed. 

2. What should you do on your Win2000 Professional computer to find the location of a 
shared folder? 

A: Use System Tools in Computer Management to display the file paths of your shared fold- 
ers. 

3. You are rewriting an accounting application so that it will run on computers loaded 
with both Win2000 Professional and Windows 98 computers. Computers must be con- 
figured for optimal disk performance. Users must be able to access all of the files on 
their computers while using either operating system. What should you do? 

A: Create and format a FAT32 partition. 

4. Your Win2000 Professional computer contains a single hard disk configured as a single 
partition. You want to move a folder named Accounting under a folder named Corp on 
your computer. You want the files in the Accounting folder to remain compressed after 
moving the folder. You want the files in the Corp folder to remain uncompressed. You 
must ensure that the files are recoverable in case of any disk problems. Using the least 
amount of administrative effort, what should you do? 

A: Back up the Accounting folder, move the Accounting folder to the Corp folder. 

5. A shared printer named Printerl will print, although it has numerous jobs in the print 
queue. You want to print to an identical print device, which has been shared as Printer2 
on Computer2. Without having to reconfigure the default printer, how can you allow 
users who currently connect to Printerl to automatically use Printer2? 

A: Configure Printerl to add a port and set the port to \\Computer2\sPrinter2. 

6. You upgrade six MPS-compliant computers from Windows NT Workstation 4.0 to 
Win2000 Professional. Each computer has two 550 MHz processors. The computers are 
used for high-end graphics applications. After the upgrade, users report that the proc- 
essing time for the graphics applications is much slower. What should you do? 

A: Use Device Manager to install the MPS-compliant drivers for the second processor. 

7. You install Win2000 Professional on ten computers that have video capture cards in- 
stalled. A user reports the video capture card is not functioning correctly. Using Device 
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Manager, you view the hardware settings. There is an exclamation mark before the 
Multimedia Audio Controller. What should you do? 

A: Use Device Manager to update the drivers for the device. 

8. What user mode MMC console type allows the creation of a new MMC window? 

A: Full Access. 

9. Which feature of Windows 2000 allows an Administrator to enforce desktop settings for 
users? 

A: Group Policy. 

10. To logon locally, a computer must he a member of what? 

A: The computer must be a member of a Workgroup. 

The computer must be a member of a domain. 

11. You are installing Windows 2000 over the network. Before you install to a client com- 
puter, what must you do? 

A: Establish the path to the shared installation files on the Distribution Server. Create a 
500 MB FAT partition on the target computer. Create a client disk with the network client so 
that you can connect to the distribution server. 

12. After installing an ISA-based SCSI adapter in your docking station, the SCSI adapter is 
not detected during the startup process. You start the Add/Remove Hardware wizard, 
but the SCSI adapter is not listed. What should you do to allow Win2000 Professional 
to detect the SCSI adapter? 

A: Restart the Add/Remove Hardware wizard. 

Manually add the SCSI adapter drivers. 

13. What file systems are supported by Windows 2000? 

A; NTFS, FAT, FAT32. 

14. Computers on the ACCOUNTING subnet, which runs Win2000 Professional, are dy- 
namically assigned IP addressing and configuration information from a DHCP server 
on the subnet. Computers on the DEVELOPMENT subnet run Windows 98. They are 
statically assigned IP addressing and configuration information. Users on the AC- 
COUNTING subnet report that they cannot communicate with users on the DEVEL- 
OPMENT subnet. A user who works on Computer3 reports that he cannot communi- 
cate with computers on either subnet. You view the network is configuration (an exhibit 
will be shown), and it shows computers in subnet ACCOUNTING get IP and gateway 
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addresses by DHCP, but the gateway configuration of DHCP Server is wrong. Com- 
puters only has NWLink protocol. What should you do? (Choose two) 

A: Change the default gateway option IP address on the DHCP server. 

Enable TCP/IP protocol with the default settings on Computers. 

15. What is the resulting action when you click on the lock computer button on the Win- 
dows Security Dialog Box? 

A: Computer is locked. 

Applications continue to run. 

16. You configure the network adapter card for each Win2000 Professional computer to 
use TCP/IP and assign static IP addressing information. You configure two computers 
with 10/100 MBPS UTP-only network adapter cards. On all other computers, you use 
10 MBPS BNC/UTP combination network adapter cards. All computers are connected 
to a 10/100 switch that has category 5 UTP cabling. After the installation you find that 
only the computers with the 10/100 MBPS UTP-only cards can communicate with each 
other. What should you do so that all computers on the network can communicate with 
each other? 

A: Change the combination network adapter cards to use the UTP transceiver setting. 

17. Your want your computer to use both Win2000 Professional and Windows 98. It has 
three 6 GB hard disks; Disk 0, Disk 1 and Disk 2. Each hard disk needs to have a 6 GB 
partition. Windows 98 will be installed on Disk 0, and Win2000 Professional on Disk 1. 
Project files are to be stored on Disk 2. File level security should be implemented on 
Disk 1. Project files must be accessed when using either operating system. What should 
you do? (Select and Place) 

A; DiskOFATSl 
Disk 1 NTFS 
Disk 2 FAT32 

18. Users are complaining that they can communicate with some of the machines on their 
network segment, but are having trouble communicating with other machines. Fur- 
thermore, they are unable to access any network resources on other segments. How 
should you troubleshoot this problem? 

A: Use the IPConfig utility to determine what IP addresses have been assigned and check to 
see if a functioning DHCP server is available for the segment. 

19. You have three encrypted files. You want to make a backup copy of the three files and 
maintain their security settings. You have the option of backing up to either to the net- 
work or a floppy disk. What should you do? 
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A: Copy the files to a network share on an NTFS volume. 



20. You have 75 identically configured Win2000 Professional computers that will he shared 
hy users in the OU. With the least amount of administrative effort, what should you do 
so that users are able to maintain their individual desktop settings regardless of which 
computer they use? 

A: Configure each computer to join the domain. 

Create a domain user account that uses roaming user profiles. 

21. Randy is a member of the local Administrators group. Users report that Randy has 
been viewing and changing their files. What should you do to limit Randy to installing 
programs, perform backups and manage printers, but not to view or change other users 
files? 

A: Remove Randy from the local Administrators group. 

Add him to both the Power Users group and the Backup Operators group. 

22. Your network’s dialup server is configured to support certificate authentication. You 
want to use smart card authentication on your Win2000 Professional Portable com- 
puter. Your computer has a PC Card smart card reader and the appropriate drivers 
installed, and a smart card. What else should you do to enable smart card authentica- 
tion on your computer? 

A: Configure a dial-up connection to use EAP. 

Select the smart card device for authentication. 

23. Files are being deleted from your shared hard drive. You want to track all users who 
access your files in the future. What should you do? (Choose two) 

A: Enable the local Group Policy for auditing object access events that are successful. 

Use Win2000 Explorer to enable auditing for your files. 

24. You have an employee named Drew leaving your company. A new employee named 
Adam will replace him. Drew has a local user account on a Win2000 Professional com- 
puter, with rights and permissions to multiple files and folders on the computer. You 
want Adam to have the same rights and permissions. What should you do? 

A: Rename Drew’s user account to Adam, and change the account password. 

25. You install a new AGP video adapter in your Win2000 Professional computer. You in- 
stall the manufacturer’s device drivers, and reboot. During the startup process, the 
monitor goes blank. What should you do? 

A: Start the computer by using the Emergency Repair Disk. 

Restore the original adapter driver settings. 
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26. You are having problems with your video driver. What should you do? 

A: Reboot the computer, and press F8 to get to the Advanced Options menu. Select Enable 
VGA Mode. 

27. You purchase an USB-based ISDN terminal adapter for your Win2000 Professional 
portable computer. You install the device, but Plug and Play fails to detect the new de- 
vice. You test the device on a Win2000 Professional desktop computer, and everything 
is OK. From Device Manager on the portable computer, you see that all devices are 
working properly (an exhibit will be shown). What should you do? 

A: Contact the hardware manufacturer to obtain an upgrade for the Plug and Play BIOS. 

28. Your Win2000 Professional computer has a single Pentium II 400 MHz processor, 64 
MB of RAM and an IDE hard disk. When you are working on multiple graphics design 
applications simultaneously, you notice that your computer responds very slowly. You 
use System Monitor to view your computer’s performance. It shows the percent proc- 
essor time as high (an exhibit will be shown). What should you do to improve the per- 
formance? 

A: Add a second Pentium II 400 MHz processor. 

29. You use Windows Backup to daily back up the files on drive D of your Win2000 Profes- 
sional computer. On Thursday morning drive D fails. You replace it with a new hard 
disk. You want to restore your files on drive D to the new hard disk. You view your 
backup log and see the backup method is incremental (an exhibit will be shown). In 
what order do you restore your data? 

A: Friday, Saturday, Sunday, Monday, Tuesday, Wednesday. Files will be current as of 
Wednesday night. 

30. Which of the following are user mode MMC console types? 

A: Delegated, Multiple Window 
Full Access 

Delegated, Single Window 

31. You use a Win2000 Professional computer to run a weekly report. When the report is 
running on the computer, another task stops responding and eventually times out. 
When you run only the other task, the task completes successfully. You use Task Man- 
ager to view your system resources. They show the weekly report CPU time is high (an 
exhibit will be shown). You want to resolve the problem by using Task Manager. What 
should you do? 

A: Decrease the base priority of the weekly report task. 
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32. You are required to deploy 35 new Windows 2000 desktop computers on your network 
as quickly as possible. Most of the computers possess the same hardware configura- 
tions, but a few have different BIOS chips and video cards. Which installation method 
should you use? 

A: Remote Installation Services. 

33. You have Win2000 Professional installed on your C drive. Both your C and D drives 
have more than 500 MB of free disk space. You frequently run many memory intensive 
graphics applications simultaneously. You notice that access to drive C is much slower 
when you are using the graphics applications. You want to maximize disk performance. 
What should you do? 

A: Move the paging file from drive C to drive D. 

Set the initial size of virtual memory and the maximum size of virtual memory to 256 MB. 

34. You configure your Win2000 Professional portable computer to redirect your My 
Documents folder to your home folder. You want to ensure that you can access all files 
in your My Documents folder when you are not connected to the network. What should 
you do? (Choose two) 

A: Use Windows Explorer to enable Offline Files. 

Use Windows Explorer to configure the properties of your home folder to be available 
offline. 

35. After installing an USB camera to your Win2000 Professional computer, you notice that 
your USB keyboard does not respond. You suspect that the camera drivers are not cer- 
tified for Win2000 Professional. You want to configure your computer to enable your 
USB keyboard and to prevent uncertified drivers from being installed in the future. 
What should you do? (Choose two) 

A: Configure WinlOOO Professional to enable driver signing. 

Start the computer in safe mode. Replace the camera drivers with Win2000 Professional 
certified drivers by using Device Manager. 

36. You open the DHCP console, and notice the DHCP server icon is marked with a red ar- 
row. Why? 

A: The DHCP Service is not authorized to operate in the domain. 

37. You want to configure your Win2000 Professional portable computer to use offline files. 
The files include a large project file and some smaller personal files. Your portable 
computer uses a dial-up connection to the server at scheduled times during the day to 
automatically download your e-mail messages. You do not want to synchronize the pro- 
ject file during this time. What should you do? 
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A: Configure Synchronization Settings to synchronize the project file only when using the 
LAN connection. 

Set synchronization for the personal files for both the LAN connection and your dial-up 
connection. 

38. You want to upgrade several computers from Windows NT Workstation 4.0 to 
Win2000 Professional. Using Setup Manager you create an UNATTEND.TXT file and 
copy the file to a floppy disk. You then start the installation on a test computer hy using 
the Win2000 Professional CD-ROM. You insert the floppy disk after the computer 
starts. Although you had set the user interaction level to full unattended mode, you are 
prompted for all the required parameters. You want to ensure that the unattended in- 
stallation does not prompt you for input. What should you do? (Choose two) 

A: Rename UNATTEND.TXT on the floppy disk to WINNT.SIF. 

Add a [Data] section to the unattend.txt and set the unattended install parameter to YES. 

39. How do you stop the sharing of a folder? 

A: Do Not Share This Eolder option. 

40. You want to install Win2000 Professional on several new computers. You first install 
Win2000 Professional on one of the new computers. You log on to the computer by us- 
ing the local Administrator account. You install some standard applications. You then 
create a RIS image of the computer you configured. You want to configure the RIS im- 
age so that the standard applications will be accessible to the user when the user first 
logs on to the network. What should you do? 

A: Copy the Local Administrator account profile to the default user profile. 

41. You want to install Win2000 Professional on 20 new PXE compliant computers, which 
do not have operating systems installed. You create a RIS image and load the image 
onto the RIS server and then start the new computers. You find that the new computers 
cannot connect to the RIS server. You verify that existing client computers on the net- 
work can connect to network servers. What should you do? (Select and Place) 

A: DHCP Server is required for RIS. 

42. You install Win2000 Professional on your portable computer. You have an external 
CD-ROM drive is connected to the parallel port, but Win2000 Professional cannot see 
the CD-ROM drive. Computer Management unsuccessfully scans for the CD-ROM. 
You want to enable Win2000 Professional to detect the CD-ROM drive. What should 
you do? 

A: Configure the parallel port to enable legacy Plug and Play detection. 

43. You want to install Win2000 Professional on 30 PXE compliant computers and 30 non- 
PXE compliant computers. All computers are included on the current Hardware Com- 
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patibility List. You create a RIS image and load the image onto the RIS server. You 
then start the all computers. PXE compliant computers can connect to the RIS server. 
Non-PXE compliant computers cannot connect to the RIS server. What should you do? 

A: Run Rbfg.exe to create a non-PXE compliant startup disk. 

44. You are upgrading a computer from Win98 to Win2000 Professional. You install by 
using the Win2000 Professional CD-ROM. After the text mode installation portion is 
complete, you restart the computer. The BIOS virus checker indicates that your com- 
puter is infected with a Master Boot Record virus. What should you do before you con- 
tinue the installation? 

A: Disable the BIOS virus checker and restart the computer. 

45. A Win2000 Professional computer that is shared by several users. You add two new 
user accounts named User? and UserS to the computer. When User? log on, she receives 
the error message: “Windows cannot copy file C:\Documents and Settings\default user\ 
to location C:\Documents and Settings\User?”. UserS gets a similar message. What 
should you do? (Choose two) 

A: Add the Everyone group to the DACE for the C:\Documents and Settings\default user 
folder. 

Log on by using the local Administrator account and create new folders for User? and 
UserS in the c:\Documents and Settings folder. 

46. What type of event is audited to log changes made to user security options? 

A: Policy Change. 

41. Office 2000 was assigned to all the computers on the network by using a Group Policy 
object (GPO). You deploy the Office 2000 service release to all of the Win2000 Profes- 
sional computers on the network. One computer fails. What should you do? 

A: Restart Windows Installer on the computer that failed to install the service release. 

48. Users in your company use English, French and Spanish create document and to com- 
municate with vendors internationally. Users run the Russian localized edition of 
Win2000 Professional on their desktop and portable computers. Natasha wants to cre- 
ate a word processing document in both English and Spanish by using Notepad in 
Win2000 Professional. What should you do? 

A: Have Natasha use the Regional Options in Control Panel to add input locales and key- 
board layouts/IME for both English and Spanish. 

49. You are deploying two new applications to users in your company. All users in your 
organization use MS Word. All users in the Finance department use MS Access. Some 
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users outside of the Finance department need occasional access to Access. If you have a 
single domain and each department has their own organizational unit, how should you 
deploy these applications? 

A: MS Word would be assigned in a GPO at the domain level. MS Access would be assign 
in a GPO at the Finance department’ s organizational unit and would also be published in 
a GPO at the domain level. 

50. You have text in both English and Spanish. The word processing program you are us- 
ing is a Windows 16 bit character based application. You complete the English portion 
of your document. You then install Spanish as a language group by using Regional Op- 
tions in Control Panel. However, you cannot use Spanish to complete the Spanish por- 
tion of your document. What should you do? 

A: Save and close the word processing program. Select Spanish by using the locale indicator 
on the taskbar and restart the word processing program. 

51. Which of the following is true of RADIUS support in Windows 2000? 

A: A Windows 2000 server can be a RADIUS server, a RADIUS client or both simultane- 
ously. 

52. You configure a local group to have a mandatory user profile. The mandatory profile 
has a logo with 16-bit color and 1024 x 768 resolution. Users have both standard VGA 
video adapters and SVGA video adapters. Several users report that when they log on to 
certain Win2000 Professional computers the custom bitmap is distorted. What should 
you do? 

A: Change the custom bitmap to 640 x 480 resolution and reconfigure the mandatory user 
profile. 

53. What must be present on the network when installing a computer to the domain? 

A: At least one domain controller and one DNS server. 

54. You are using Windows Installer to deploy an application. A Group Policy Object 
(GPO) is created for the Accounting OU. During the deployment, some users in the Ac- 
counting OU report that the installation aborts, while others report that the software 
shows general protection fault errors. What should you do? 

A: Repackage and redeploy the application’ s .MSI file to the Accounting OU. 

55. Your routed TCP/IP network consists of 10 Win2000 Server computers and 75 
Win2000 Professional computers. TCP/IP is the only network protocol. You want newly 
installed computers to use NetBIOS names to connect to all shared resources on the 
network. You configure a TCP/IP address and a shared mask on each new computer. 
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Which two additional TCP/IP properties should you configure on each new computer? 
(Choose two) 

A: A gateway address. 

A WINS server address. 

56. By default, which permissions will be changed when you modify the permissions on an 
NTFS folder? 

A: The permissions on the folder, files and sub-folders. 

57. You recently added a new hard drive to your principal file storage server so users can 
store customer documents and contact information. You must format the drive before it 
can be used to store files. Which commands will provide access to Disk Management, by 
default? 

A: Select Start\Run, type “DISKMGMT.MSC”, then click OK. 

Double-click DISKMGMT.MSC in the Sysroot\Winnt\System32 directory. 

58. Your network uses DHCP to assign IP addresses in the range I94.I34.I54.I0 - 
I94.I34.I54.I98. Your computer has been configured to use DHCP but has an IP ad- 
dress of I69.254.I34.I94. What is the most likely reason for this? 

A: The DHCP server is unavailable. Your computer has randomly assigned itself an address 
from the 169.254.0.0 network. 

59. What feature is used to restore Win2000 when Last Known Good does not work? 

A: Automatic System Recovery (ASR). 

60. You install Win2000 Professional at home. You create a new dial-up connection to con- 
nect to your company’s RAS. The connection uses both of your external modems and 
Multilink to bind the modems together. You start the dial-up connection and connect to 
the RAS. You notice that only one of the modems is connected to the RAS. What should 
you do? 

A: Configure the company’s remote access server to accept Multilink connections. 

61. Which Windows 2000 technology allows Windows Installer packages to be automati- 
cally installed, upgraded or removed using group policy? 

A: Windows 2000 Software Installation and Maintenance. 

62. You use your Win2000 Professional computer to transfer 20 large files. Each file is 100 
MB in size. You want to copy the files from a UNIX server in your branch office to a 
computer running SQL Server at the main office. When you copy the files by using 
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Windows Explorer, the connection times out and the file copy is aborted. You want to 
monitor the performance of TCP/IP of your computer. What should you do? 

A: Install SNMP. Use the Performance Console to view all the counters of the TCP object. 

63. Your Win2000 Professional Client! has an IP address of I0.I0.167.4, a default gateway 
of 10.I0.167.I, and a subnet mask of 255.255.252.0. You want to connect to a shared 
folder on ServerB. ServerB’s IP is 10.I0.I3.I0. But you receive the following error mes- 
sage: “The network location could not be reached”. You run IPConfig to review the 
configuration on Client!. Which configuration setting should you change? 

A: Click the incorrectly configured network setting in the IP configuration display. Client! 
and ServerB belong to different subnets. Click the subnet mask of Client!. 

64. Win2000 Professional Client! has an address of I0.10.I67.4 and a default gateway of 
I0.I0.167.I. You want to connect to a shared folder on ServerB. But you receive the 
following error message: “The network location could not be reached”. You want to 
allow Client! to connect to ServerB. What should you do? 

A: Configure Client! to use a WINS server address of 10.10.13. !4. 

65. You upgrade five computers from NT Workstation 4.0 to Win!000 Professional. The 
computers are used by members of the Accounting OU. All five computers are config- 
ured to have the default security settings. Helen reports that she can’t run the account- 
ing applications on her Win!000 Professional computer. Prior to the upgrade, Helen 
could run it. Helen is a member of the Local Users group. You want the accounting ap- 
plications to run on Helen’s computer. What should you do? 

A: Use SECEDIT.EXE to apply the COMPATWS.INE security template to Helen’s Security 
Policy to loosen the permissions for the Local Users group on Helen’s computer. 

66. You have 200 client computers on your network that run Win2000 Professional. How 
many auditing policies should be set to audit one type of event? 

A: One for each computer. 

67. You have 50 MB of free disk space on drive C and 500 MB of free disk space on drive 
D. Print jobs are failing because the available space on drive C is inadequate. You want 
print jobs to be able to use the space on drive D. What should you do? 

A: Prom the Print Server Properties dialog box, change the location of the spool folder to 
any existing file path on drive D. 

68. What should you do before installing Win2000 Professional on an NT Workstation 4.0 
computer when you want to run both systems? 
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A: Install Service Pack 4 or later for Windows NT Workstation 4.0. 

69. You have a share on your local computer. You helieve someone has been intentionally 
damaging your files. What do you do to determine who is doing this? 

A: Turn on Auditing For Objects in the Local Security Policy and select Use Windows Ex- 
plorer to turn on auditing for specific files. 

70. Saul needs access to files that are in the Accounting folder on his computer. A local 
group named Accounting is granted Full Control permission to the Accounting folder 
and the files within it. Saul is a member of the Accounting local group but he cannot ac- 
cess the files that he needs. What should you do? 

A: Remove Saul from any other groups that have been explicitly denied access to the Ac- 
counting folder. 

71. You have a Win2000 computer used by several students. You use an account that does 
not have administrative rights for security reasons, for most activities. You want to 
schedule a task to run a command file named ADDUSERS.CMD that automatically 
adds six more student user accounts. What should you do? 

A: Schedule the task to run under an Administrative account. 

72. You accidentally delete an OU containing 300 user objects. How should you recover the 
deleted OU? 

A: Restart the domain controller in Directory Services Restore Mode. Use the Backup utility 
to restore the system state data. Use NTDSUTIL.EXE utility to mark the deleted OU as 
authoritative. Restart the domain controller and replicate the changes to the remaining do- 
main controllers. 

73. From the Recovery Console, what command allows you to disable a service? 

A: Disable. 

74. You schedule a task to run an MMC snap-in to perform configuration tasks on other 
computers. It is not completing correctly. You manually start MMC, add the snap in. 
You can successfully run the task, and all tasks are working correctly. You want to en- 
able your task to complete successfully. What should you do? 

A: Use Scheduled Tasks to configure the task to run under the security context of your ac- 
count. 

75. You have a shortcut for a folder named Accounting on a network share. When at- 
tempting to configure the shortcut to be available offline, you don’t see the option. 
What should you do? 
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A: Use Windows Explorer to configure the folder to be available for offline access. 

76. What are the default networking components included by default in the typical installa- 
tion ofWin2000? 

A: Client for Microsoft Networks. 

File and Printer Sharing for Microsoft Networks. 

TCP/IP. 

77. What do you need to do to Windows Backup to ensure that your registry, boot files, and 
COM objects are also backed up? 

A: Configure Windows Backup to back up the System State data. 

78. You install a 16-bit ISA sound card and manufacturer’s device driver on your Win2000 
Professional computer. You restart the computer, but the computer won’t start cor- 
rectly. You start the computer in safe mode. What should you do next? 

A: Disable the sound card device driver by using Computer Management. 

79. What should you do to prevent users from enabling offline access for the network share 
that contains a confidential report, but still allow them online access to the report? 

A: Use Windows Explorer to disable caching for the records on the network share. 

80. You have configured accessibility options for a user. Everything seems to be working 
correctly. The user leaves his computer and when he returns, none of the accessibility 
options work anymore. What should you do? 

A: On the General tab of Accessibility Options, disable “Turn off Accessibility features after 
idle for X minutes ”. 

81. A user installs a shared laser printer on his Win2000 Professional computer. The laser 
printer is connected to a computer named Serverl. But when the user logs on to an NT 
Workstation 4.0 computer, the printer is not included in the list of available printers. 
You want to allow the user to send print jobs to the shared laser printer from any com- 
puter on the network. What should you do? 

A: Configure a roaming user profile for the user’s user account. 

82. You have associated GPOs with your site, domain and OUs. In what order are GPOs 
processed? 

A: Site, Domain, OU. 
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83. You have a Multilanguage version of Win2000 Professional. When you log on to the 
network hy using you username_eng user account, you are not allowed to add any lan- 
guages to your computer other than English. What should you do? 

A: Reconfigure the Group Policy object (GPO) for the username _eng user account to allow 
you to change languages on your computer. 

84. You upgrade your Win98 computers to Win2000 Professional. You want to remove the 
Logoff option from the Start menu on the new computers. Which two methods can you 
use to accomplish your goal? (Choose two) 

A: On the Advanced tab of the Taskbar/Start Menu dialog box, clear the Displaylogoff op- 
tion. 

Use a Local Computer Policy that will not include the Logoff option on the Start menu. 

85. What parameter is used with SYSPREP to run it without generating a security identi- 
fier? 

A; NOSIDGEN 

86. What is true of a Windows 2000 Domain Controller? 

A: A Domain Controller can be demoted to be a member server and vice-versa. 

All Domain Controllers in Windows 2000 are of equal status with no primary. 

Changes to the Active Directory can be made on any Domain Controller. 

87. Using a user’s account on his computer, you configure the StickyKeys, FilterKeys, and 
ToggleKeys accessibility options and then log off of his computer. The user then hoots 
the computer, hut the accessibility options are turned off. What should you do? 

A: Use Utility Manager to configure the accessibility options to start automatically when 
Win2000 Professional loads. 

88. By using disk-duplicating software you install Win2000 Professional on 20 PXE- 
compliant computers in the Graphics OU. The reference computer is configured to 
have Win2000 Professional default desktop settings. Users in the Graphics OU have 
home folders specified in their user account settings. The home folders are located on 
the \\Serverl\Users network share. You want to change the default path of the user’s My 
Documents folders to their home folders whenever users log on to the network. What 
should you do? 

A: Create a Group Policy object (GPO) for the Graphics OU to redirect the My Documents 
folder, and define the UNC path '<sServerKUsers\%Username%. 

89. Where is the Group Policy Template (GPT) for a GPO stored? 

A: In the SYSVOL share. 
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90. Where do you view all shares in use on your computer? 

A: Computer ManagementXSystem Tools\Shared Folders\Shares. 

91. You have a Windows 2000 Professional portable computer that is shared by users in 
one of your departments. You want to configure a roaming user profile so that users 
can logon from any location including by using a dial-up connection. You log on to the 
computer by using the local Administrator account. You create user accounts for the 
users. When you attempt to configure each individual user account profile to be a 
roaming profile, you fail. You receive the Change Profile Type dialog box. What should 
you do? 

A: Connect the portable computer to the network, and configure the user accounts for a 
roaming user profile. 

92. What file name extension identifies a Windows Installer file? 

A; .MSI 

93. You deploy an application to users in the Graphics Organizational Unit. You want to 
create a custom installation for three users, who are members of the Graphics OU. You 
want these three users to be able to access additional text, filters, and other graphics op- 
tions for the software. What should you do? 

A: Create the Advanced Software OU within the Graphics OU, and add the users. Create a 
.MST file, including changes and apply the modifications to the Advanced Software OU. 

94. You want to deploy a Win2000 Professional service pack to 10 computers in the Devel- 
opment Organizational Unit. You create a Windows Installer package file for the serv- 
ice pack. You use the package file to successfully install the service pack to other com- 
puters in the domain. You assign the package file to the Development OU. After the in- 
stallation, you notice that the service pack was not installed on any of the 10 computers. 
You want to ensure that the service pack is successfully installed on the computers in 
the Development OU. What should you do? 

A: Add the user accounts from the Development OU to the DACL. Grant the user accounts 
Read permission to the service pack deployment directory. 

95. You are upgrading two computers from NT Workstation 4.0 to Win2000 Professional. 
You successfully upgrade the first computer. During the upgrade of the second com- 
puter, a power failure interrupts the upgrade. The second computer can no longer run 
NT Workstation 4.0. It also does not support booting from the Win2000 Professional 
CD-ROM. Using the first computer, how should you recover the failed upgrade? 



35 



http ://www .troytec .com 




A: On the first computer, run Makebt32.exe from the Bootdisk folder on the WinlOOO Profes- 
sional CD-ROM. Restart the upgrade with the new disks on the second computer. 

96. Which group scope has its memberships listed in the Global catalog? 

A: Universal group. 

97. Sam wants to be able to work at home on files that were created in the office on the 
company network. Prior to logging off the network, Sam enables Offline Files. But, 
when he attempts to access the files, they are not available. What should you instruct 
Sam to do? 

A: At the office, make all files available offline. Sam will be able to access his files the next 
time he logs off the network. 

98. Which services or protocols must be installed to automatically turn off the power of the 
display and hard disk after a period of inactivity? 

A: APM and ACPI. 

99. How can you restore short file names to long file names during the Windows 2000 
setup? 

A: Build $$RENAME.TXT file and put it in the folder that contains the files that need to be 
converted. 

100. After a user leaves the company, you move all of the files from his home folder 
(NTFS, EFS enabled) to his manager’s folder. When the manager attempts to open any 
of the files, access is denied. What should you do to allow the manager to access the 
fdes? 

A: Log on to the network as a Recovery Agent. Decrypt the files for the manager. 

101. Users on the network save their work files in home folders (NTFS, EFS enabled) on 
a network server. The partition also has disk quotas defined. A user reports that she 
cannot save or update any files to her home folder, due to insufficient disk space. Other 
users are not experiencing this problem with their home folders. What should you do? 

A: Increase the server disk quota entry for the user. 

102. Your network only uses TCP/IP. You install Win2000 Professional on a computer 
named Client2. Client2 has the following configuration: 

IP address: 10.10.20.234 
Default Gateway: 10.10.13.1 
WINS Server: 10.10.13.10. 
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You cannot connect to shared resources on ServerB and ServerC by using UNC names. 
You check the configuration settings, and see that the gateway of the subnet which Cli- 
ent2 belongs to is 10.10.20.1 (an exhibit will be shown). What should you do? 

A: Configure Client! to use a default gateway of 10.10.20.1. 

103. You configure the Internet connection to enable Internet Connection Sharing. After 
you configure the connection, you cannot see or connect to any shared resources on 
your local network. What should you do? 

A: Configure the dial up connection to disable shared access. 

104. You install Win2000 Professional on a computer named Client2. You connect to 
shared resources on ServerE daily. Suddenly you are no longer able to connect to 
ServerE. Other users can connect to ServerE. You ping ServerE. You verify that all of 
the servers are connected to the network and are running correctly. What is the most 
likely cause of the problem? 

A: The router configuration. It shows Clientl’s IP is 10.10.167.4, and Clientl’s Router IP is 
10.10.164.3. 

105. Your company has two domains; troytec.com and rileysales.com. ServerA is in the 
troytec.com domain. It runs IIS, Microsoft Proxy Server 2.0, and it is an Intranet site. 
You want Win2000 Professional computers in the rileysales.com domain to access the 
Intranet site by connecting to the URL http://ServerA rather than its fully qualified 
domain name. What should you do? 

A: Add troytec.com to the Domain Suffix Search Order on the computers. 

106. What kinds of services does Win2000 Professional support for the highest level of 
security for VPN traffic across the Internet? 

A: Kerberos and IPSec 

107. You install a DOS application on your Win2000 Professional computer. The appli- 
cation uses the Win2000 Professional default settings Autoexec.nt and Config.nt. Your 
video adapters are set to 16-bit, 1024 x 768 and default refresh rates. On the first desk- 
top, you create a shortcut for the DOS application, using the default PIE settings. Both 
monitors are unable to display the application. Both monitors function correctly when 
you run Windows based applications. What should you do? 

A: Change the color setting for both video adapters to 256 colors. Reconfigure the shortcut 
properties to run the DOS based application in full screen mode. 

108. What software specification allows several protocols to be bound to a single network 
adapter? 

A; NDIS 
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109. How should you configure your laptop to save the contents of memory to the hard 
disk and then to shut down when the sleep button is chosen? 

A: Configure the power settings to use the Hibernation option. 

110. You have 3 sites; Houston, Paris and Rome. Houston is connected to Paris via a 
256K WAN link. Houston is also connected to Rome via a 256K WAN link. Paris is 
connected to Rome via a 56K WAN link. You wish to create site links so that you can 
optimize Active Directory synchronization traffic. How many site links should you cre- 
ate? 

A; 3 

111. You have 3 sites; Houston, Paris and Rome. Houston is connected to Paris via a 
256K WAN link. Houston is also connected to Rome via a 256K WAN link. You wish to 
create site links so that you can optimize Active Directory synchronization traffic. How 
many site links should you create? 

A; 2 

112. You have a 2 MB Windows Bit Map. You have compression enabled on your C:\ 
drive. The file has been compressed to 1 MB. You try to copy the file to a floppy disk 
but you get the message “Insufficient disk space”. How can you copy the file to the 
disk? 

A: You must use a third party compression tool to compress the file. 

113. You then attempt to install 32-bit application printer software that came with a new 
laser printer. During the installation, you receive the error message “failed to load 
WINPRINT.DLL. Specified module could not be found” (an exhibit will be shown). 
What should you do before you share the printer with other users? 

A: Obtain and install the WDM-compliant device drivers and printing software for the 
printer. 

114. What two types of DFS are supported by Windows 2000? 

A: Fault-Tolerant DFS and Stand-Alone DFS 

115. What type of event is audited to log changes made to the system time on a com- 
puter? 

A: Privilege Use. 

116. Your Win2000 Professional computer has a built in 33.6 kbps modem. You install a 
56K ISA based modem. When the installation is complete, you notice that the 56K mo- 
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dem is not functioning. Device Manager shows that the 33.6K modem and the 56K mo- 
dem are conflicting with each other. You want to configure Win2000 Professional to use 
only the 56K modem. What should you do? 

A: Using Device Manager, disable 33.6K modem. 

No action required on 56K modem. 

117. You want to install Win2000 Professional on 100 MPS compliant computers. Each 
computer has two 550 MHz processors, and are configured identically. One of the com- 
puters will he used as a reference computer for deploying Win2000 Professional to the 
others. You install Win2000 Professional on the reference computer. You view Device 
Manager and notice that the drivers for the second processor are not installed. You 
want to add support for the second processor on the remaining 99 computers. What 
should you do? 

A: Use Device Manager to add the appropriate HAL to the reference computer to support the 
second processor, and then create a disk image. 

118. What is the minimum processor specification for Windows 2000 Professional or 
Windows 2000 Server on an Intel-hased computer? 

A; P133 

119. In a default installation to an Intel-based computer, which folder is used as the des- 
tination of Windows 2000 Professional? 

A; WINNT 

120. What needs to be included in the [UNATTENDED] section of the UNATTEND.TXT 
file to convert a FAT or FAT32 partition to NTFS during an unattended install? 

A: FileSystem=ConvertNTFS 

121. You wish to create a Windows 2000 Professional startup floppy disk set. What 
command would you run to create the disk set? 

A: Makeboot A: 

122. You want to use the Remote Installation Service (RIS) to install Win2000 Profes- 
sional on a client computer. What services must be available? 

A: DNS Server. 

DHCP Server. 

Active Directory. 

123. How can you apply OU GPO settings to only some of the user objects in the OU? 
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A: Create a security group containing only the users that will use the GPO settings. Give 
this only this security group both READ and APPLY GROUP POLICY permissions on 
the GPO. 

Move the user objects that do not require the GPO settings to a sub OU within the parent 
OU. Use the block inheritance setting on the child OU to stop the parent GPO settings 
being applied. 

Create a security group which contains all the users that will not use the GPO settings. 
DENY this security group APPLY GROUP POLICY permission on the GPO. 

124. You are working from home using a dial-up connection. You can access resources 
on the first subnet, where the dial-up server is located, hut you cannot access other re- 
sources on the network. What dial-up parameters should you change? 

A: The default gateway on remote network. 

125. What are the two types of user groups in Windows 2000? 

A: Security and Distribution. 

126. You have associated a GPO with both a parent OU and one of its child OUs. What 
statements are true of how the GPO settings will be applied? 

A: If the GPO settings are compatible with each other then BOTH GPOs will be applied. 

If the GPO settings are not compatible then the child OU GPO settings take precedence. 

127. You have created three GPOs for your site, domain and OU. Each of the three 
GPOs has been configured with “No Over-Ride”. Which GPO settings are guaranteed 
to be applied to the OU? 

A: Site. 

128. Where in the Group Policy settings would you configure computer Startup and 
Shutdown scripts? 

A: Computer Configuration. 

129. What is true of L2TP? 

A: L2TP supports header compression. 

L2TP supports tunnel authentication. 

130. What is true of PPTP? 

A: PPTP require an IP-based network. 

PPTP provides data encryption. 
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131. What is the maximum number of WINS server addresses that can he listed on a 
WINS client? 

A; 12 

132. You are planning to install Win2000 Professional on your Win98 computer. You 
want to select the best file system and features. You must to be able to use both operat- 
ing systems to access all disks. Which file system do you use? 

A; FAT32 

133. A user wants to use a dial-up connection to your network. He will be using a Smart 
Card for authentication. Which authentication protocol must he use? 

A; EAP 

134. True or False: A domain and a workgroup can share the same name. 

A: True 

135. What parameter in the [GUIUnattended] section of the UNATTEND.TXT file al- 
lows you to skip presetting the regional Settings? 

A: OEMSkipRegional 

136. What must be done before a computer running Windows 2000 can join a domain? 

A: A computer account must be created or added to the domain database. 

137. What name is given to the site link created by default on Windows 2000? 

A; DEEAULTIPSITELINK 

138. Which information is available in the Windows 2000 Security Dialog Box? 

A: Name of user account in use. 

Name of domain user logged onto. 

139. What entry is required in the [Data] section of the .SIF file during a Win2000 CD- 
ROM boot pre-installation? 

A: [Data] Unattendedinstall=yes Msdosinitiated =0 Autopartition =1 

140. What protocol allows users to print to a URL over an Intranet or the Internet? 

A; IPP 
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141. Which user interface provides additional feedback and sort options to view installed 
or available application by size, frequency of use and time of last use? 

A: Add/Remove Programs Wizard. 

142. What switch is used with WINNT.EXE to specify the file name for the setup infor- 
mation file? 

A; WINNT.EXE /I 

143. What is required to join a workgroup? 

A: A new or an existing workgroup name. 

144. What statements are true of assigning an application using Group policy? 

A: Assigned applications can be installed by document invocation. 

Assigned applications are resilient and can automatically repair themselves. 

Assigned applications are advertised on the user's desktop. 

145. You realize as you attempt to install Windows 2000 Professional that your computer 
does not support booting from the CD-ROM. What should you do? 

A: Start the computer by using the Setup boot disks. Insert the Windows 2000 Professional 
CD-ROM when prompted, and then continue Setup. 

146. Two of your users have connected to their home folders on the same file and print 
server. When the users query the amount of free disk space on the server they receive 
different answers. Why is this? 

A: The users have different amounts of unused disk quota on the server. 

147. Which feature of Windows 2000 allows you to secure your network traffic so that it 
cannot be easily read by anybody capturing the packets? 

A; IPSec 

148. You have just installed a DHCP server on your Windows 2000 network. No leases 
are being obtained from the DHCP server. You have checked the scope settings and 
they all appear correct. The scope has been activated. Why are no clients obtaining 
leases from this DHCP server? 

A: The DHCP server has not been authorized. 

149. Why can’t users log on locally to a domain controller? 
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A: PDCs do not maintain local security databases. 

150. What statements are true of moving objects in Active Directory? 

A: Any permission assigned directly to that object will be moved with the object. 

Multiple objects can be moved simultaneously. 

Any currently inherited permission on the object will be lost and replaced with inherited 
permissions from the new container. 

151. How many domain controllers and DNS servers must be online to allow you to join 
a domain? 

A: One DC and one DNS. 

152. Your company has a forest consisting of two Domain trees. Each Domain tree con- 
tains a root Domain and two sub-Domains. You have just created a Domain Local 
group and would like to assign permissions to this Domain Local group to resources 
within your company. To which resources can permissions be given to this Domain Lo- 
cal group? 

A: Only resources in the same Domain as the Domain Local group. 

153. Your company has a forest consisting of 2 Domain trees. Each Domain tree contains 
a root Domain and two sub-Domains. You have just created a Global group and would 
like to assign permissions to this Global group to resources within your company. To 
which resources can permissions be given to this Global group? 

A: Any resource in the forest. 

154. How can you reduce the time it takes for a client to process a GPO, that only modi- 
fies user settings, to determine what settings need be applied? 

A: Disable the computer configuration settings for the GPO. 

155. Where in the Group Policy settings would you configure user logon and logoff 
scripts? 

A: User configuration. 

156. Which folder redirection option would you choose to enable folders to be redirected 
to different alternate locations? 

A: Advanced 

157. Using a Group policy, you want to automatically remove software on a user's com- 
puter. What two removal options are available? 
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A: Forced, Optional 

158. What are the differences between assigning an application to a user and assigning 
an application to a computer? 

A: Applications assigned to the user will be available whenever the user logs on Applica- 
tions assigned to the computer are available to all users of that computer. 

Applications assigned to a user require the user to either invoke a program before it in- 
stalls. Applications assigned to a computer are automatically installed the next time the 
computer restarts. 

159. What tool is used to create a distribution tool and create a single UNATTEND.TXT 
file to pre-install 500 Win2000 computers? 

A: Setup Manager. 

160. You have recently published a software upgrade to your users using a Group policy. 
You have noticed, however, that when a user invokes an associated document, the older 
version is installed. How can you install the newer version using document invocation? 

A: Change the upgrade to be mandatory. 

Alter the software order listed in the GPO so that the newer version is higher than the 
older version. 

161. By default, what is available on Windows 2000 Professional? 

A: Customized Start Menu and Automated Recovery System (ARS). 

162. What is true of a Global catalog in Windows 2000? 

A: A Global catalog contains only the commonly queried objects and attributes for a forest. 

163. You install a new video card into your Win2000 computer. After the installation, 
the system will not start. What should you do? 

A: Use Recovery Console 

164. You want to create a shared Internet connection on your network. Users should not 
have any permission other than HTTP and FTP access. How should you configure the 
port settings? 

A: Configure HTTP port settings to 80. 

Configure FTP port settings to 21. 
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165. You have installed and configured fax service on your Win2000 Professional com- 
puters. A user states that she is not able to receive faxes, but can send them. What 
should you do? 

A: Use the Fax Service Management tool to enable the device to receive faxes. 

166. You update some Windows 98 machines to Win2000 Professional. After rebooting, 
you get a virus warning from your BIOS. The MBR is damaged. What should you do? 

A: Boot from the WinlOOO Professional installation CD-ROM and repair the Master Boot 
Record. 

167. What section do you need to add to your answer file to load third party SCSI driv- 
ers? 

A; AC 

168. Windows Installer Service should be run in what security context? 

A: In the security context of the system, not the context of the current user to avoid lack of 
rights or permissions. 

169. By default, what happens to the files that were redirected when a folder redirection 
policy is removed? 

A: The redirected files remain in the redirected location. 

170. A single network logon is made possible in Windows 2000 due to support for which 
protocol? 

A: Kerberos. 

171. You have a laptop that is configured for a SCSI adapter when docked. You want to 
maximize the battery performance of your laptop computer. You do not want the SCSI 
adapter available when you are not docked. What should you do? 

A: Start the system without the docking station. Disable the SCSI adapter device for the cur- 
rent profile. 

172. You are creating a dial-up connection on your Windows 2000 portable computer to 
connect to your customer’s dial-up server. Although you are not sure which type of 
server your customer is using for dial-up connections, you still want to ensure that your 
dial-up connection authentication is secure and that your logon information is not sent 
in plain text. You view the Advanced Security Settings dialog box. What options should 
you select to obtain your goals? 

A: Challenge Handshake Authentication Protocol ( CHAP) 
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Microsoft CHAP (MS-CHAP) 

Microsoft CHAP Version 2 (MS-CHAP v2) 

173. How do you stop the printer from notifying you when a print job has printed? 

A: In the server properties of the Printers system folder, clear the Notify when remote docu- 
ment has been printed option. 

174. When you perform a new installation of Windows 2000. As Setup must request a 
DHCP (server assigned) IP address during GUI-mode Setup before you can choose be- 
tween using a static IP address and using DHCP to obtain an IP address automatically, 
this may cause a Dynamic Domain Name System server to retain an incorrect DNS- 
host-name-to-IP-address mapping. How can you prevent this from occurring? 

A: Create a Setup answer file (WINNT.SIF) that contains the static IP address you intend to 
use. 

175. How do you make a web page available for offline viewing in Windows 2000? 

A: On the Favorites menu in Internet Explorer, click Add to Favorites. Select the Make 
Available Offline check box. To schedule updates for the page, content download, click 
Customize. 

176. You want a certain group of your Windows 2000 Professional computers to be able 
to communicate with other Windows 2000 computers on your network. However, you 
do not want the computers to communicate with computers that are not running Win- 
dows 2000. How should you configure a security policy on each computer to ensure 
that the computers can only communicate with other Windows 2000 computers? 

A: Use Security Configuration and Analysis to import the hisecws. inf security template file to 
modify the security settings. 

177. You are upgrading several Windows 95 computers to Windows 2000 Professional. 
Most have the same hardware, but there are many different peripheral devices 
throughout the company. How can you verify that all of the hardware in use is com- 
patible with Windows 2000 Professional? 

A: Use Setup Manager to create a Setup, inf file. Add the entry ReportOnly=Yes to the 
[Win9xUpgrade] section of the answer file. Run Winnt32.exe /Unattend:Setup.inf. 

178. You install Windows 2000 Professional on a new APM-compliant laptop computer. 
But whenever you attempt to shut down the computer, the power remains on, even 
when you use the power button. What should you do? 

A: Restart the computer, use the Power Options in Control panel to enable APM, then re- 
boot. 
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179. You configure a user’s Windows 2000 Professional computer to use the on-screen 
keyboard and Sticky Keys options. You save the accessibility option settings to a shared 
folder on the local hard disk of the user’s computer. You want to configure the same 
options for another user. You log onto the second user’s computer using his local user 
account. You access the shared folder over the network, and select the .acw file from 
the shared folder. You receive an error message stating that there was a problem 
loading the specified file. What should you do? 

A: Change the permissions of the .acw file on the shared folder to allow read access for the 
second user’s account. 

180. You are configuring a roaming user profile for a Drew Morgan. You create a user 
account named DrewM on a Windows 2000 Server. You define a network profile direc- 
tory path named \\Serverl\Profiles\% Username %. When Drew logs onto the com- 
puter, he receives the error message, “Cannot locate your roaming profile”. What 
should you do? 

A: Change the %Username% variable to DrewM. 

181. You replace the uniprocessor computer in your design department with new MPS- 
compliant computers. Each computer has two 550-MHz processors. You install design 
software that includes Win32, Winl6, and DOS-based applications. When users use a 
Winl6-based application, they do not notice an improvement in performance compared 
to using the uniprocessor computers. What should you do? 

A: Replace the Winl6-based applications with available Win32-based applications. 

182. Your computers have both Windows NT Workstation 4.0, and Windows 2000 Pro- 
fessional. You configure the hard disk on each computer to have a two 4-GB partitions. 
Windows NT Workstation is installed on drive C, and Windows 2000 Professional is in- 
stalled on drive D. You configure a disk quota on drive D to prevent users from saving 
data on the disk. How can you prevent users from saving files to drive D in either oper- 
ating system? 

A: Use Windows NT Workstation to configure NTFS permissions on drive D to deny users 
Write permission. 

183. A user in your Accounting OU reports that their mouse is not working. You log 
onto the domain from that user’s computer by using the domain Administrator’s ac- 
count. You discover the user is using an old mouse driver. You install an updated 
mouse driver, and restart the computer. The mouse is still not working correctly. You 
view Device Manager, and notice the previous mouse driver is still installed. What 
should you do? 
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A: Set the Accounting OU policy for security to warn and allow the installation to override 
the local security. 

184. You schedule a task to run after 15 minutes. After an hour, you check the Event 
Viewer system log. It contains the error message: “The Task Scheduler service failed to 
start”. You want to run the scheduled task again. What should you do before restart- 
ing the Task Scheduler? 

A: Set the Task Scheduler service to log on as a Local System account. 

185. A user downloads a video card driver from the Internet. You are unsure of the 
source of the driver. You want to ensure the user does not lose production time because 
of an incompatible driver. What should you do? 

A: Install the driver. If the computer fails after installing the driver, restart the computer 
with the Last Known Good configuration to recover the original driver. 

186. A user reports that their Windows 2000 Professional computer is running very 
slowly. What methods can you use to improve performance? (Choose all that apply) 

A: Perform a disk analysis, and use disk defragmenter. 

Use Disk Clean to delete temporary files and unnecessary program files. 

187. You install a SCSI adapter and a SCSI tape drive on your Windows 2000 Profes- 
sional computer. Windows 2000 Professional detects and installs drivers for the new 
SCSI devices. After you restart the computer later that day, the computer stops. What 
should you do to enable your Windows 2000 Professional computer to start success- 
fully? 

A: Start the computer using the Recovery Console. 

Disable the SCSI adapter device driver by using the disable command. 

188. You attempt to install a printer driver on a Windows 2000 computer, but receive an 
error message: “Error 11 - Cannot install printer driver”. How should you configure 
the computer to check for driver integrity and to allow you to install the driver? 

A: Use the Print troubleshooter. 

Configure the computer to prevent the installation of unsigned drivers. 

189. You are preparing to deploy many new Windows 2000 Professional computers on 
your network. You want to be able to recover from disk failures and corrupt system 
files on the new computers. What should you do to configure the computers to auto- 
matically update their system configuration and emergency repair files on a scheduled 
basis? 

A: Use Windows Backup to schedule a backup of System State data. 
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190. Your Windows 2000 Professional computer has a shared printer that several de- 
partments use. The Accounting department prints extremely large ledgers causing oth- 
ers to wait. How can you improve printing efficiency so that other users do not have to 
wait for their print jobs? 

A: Configure the priority of the printer to 50. Add a new printer, and set the priority to 95. 
For the new printer, deny Print permissions for users in the Accounting department. 

191. The computers in your design department have built-in USB controllers. You in- 
stall a USB tablet-pointing device on each computer. A tablet icon appears in Control 
Panel to configure the device, but it doesn’t work. What should you do? 

A: Enable the USB ports in the BIOS, and re-install the USB tablet device drivers. 

192. Your computer has a built-in 10-MB Ethernet adapter. You then install a 100-MB 
Ethernet PC Card adapter. You notice that the 100-MB adapter is not functioning. 
What should you do so that the Windows 2000 Professional computer uses only the 100- 
MB Ethernet PC Card adapter? 

A: Use Device Manager to disable the device for the 10-MB adapter. 

193. Your network has five Windows 2000 Servers, and 50 Windows 2000 Professional 
computers. The Professional computers were installed by using a RIS image on one of 
the Windows 2000 Servers. You need to upgrade several applications on the Windows 
2000 Professional computers. The applications do not have built-in support for scripted 
installations. You want to accomplish the following goals: 

• The upgraded applications will be installed using the unattended installation 
method. 

• Existing user environments will be maintained. 

• The network name will be changed to match its serial number. 

• The RIS image and the upgraded applications are enabled as they are added to 
the network. 

You take the following actions: 

• Install the RIS image on a Windows 2000 Professional computer named Prol. 

• Install the upgraded applications on Prol. 

• Change the network name of Prol to %DMI-SERIAL_NUM%. 

• Run RIPrep.exe on Prol. 

• Start all of the Windows 2000 Professional computers and load the RIS image. 
Which results do these actions produce? (Choose all that apply) 

A: An unattended installation of the upgraded applications is performed. 
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194. You want to configure all of your Windows 2000 Professional computers to allow 
access to the Internet. You do not plan on installing a permanent Internet connection. 
You do have a single dial-up account at a local ISP, and a 56-Khps modem. What 
should you do to configure access for the Windows 2000 computers? (Choose all that 
apply) 

A: Configure the dial-up connection to enable on-demand dialing. 

Configure the dial-up connection to enable Internet Connection Sharing. 

Attach the modem to one of the Windows 2000 Professional computers, and create a dial- 
up connection to the ISP. 

195. You create a new dial-up connection to connect to your company’s remote access 
server. You can connect to servers on the same segment as the remote access server, 
hut cannot access shared resources on remote segments. What should you do? 

A: Configure the TCP/IP properties for the dial-up connection to use the default gateway. 

196. You create a new dial-up connection to connect to the Internet. You configure the 
Internet connection to enable Internet Connection Sharing. However, you cannot see or 
connect to any shared resource on your network. What should you do? 

A: Use the ipconfig command to release and renew your network TCP/IP address. 

197. You are install Windows 2000 Professional on several MPS-compliant computers. 
The computers are configured identically with two 550-MHz processors. You intend on 
using one of the Windows 2000 Professional computes as a reference computer for the 
other computers. After you install Windows 2000 Professional on the reference com- 
puter, you notice that the drivers for the second processor are not installed. How can 
you add support for the second processor on the other computers? 

A: Use the System Preparation Tool with the -pnp parameter to set up the reference disk. 

198. You are adding new PXE-compliant computers to your network which contains 
Windows NT Workstation 4.0 computes. The hardware on the new computers is iden- 
tical. You are using a RIS image to deploy Windows 2000 Professional to the new com- 
puters. You successfully deploy Windows 2000 Professional on the first ten computers, 
hut cannot install it on the remaining computers. What should you do? 

A: Configure the DHCP scope to add additional IP addresses. 

199. You want to create a standard installation image to install Windows 2000 Profes- 
sional. The computers have different hardware and component configurations. You 
install Windows 2000 Professional and other standard software on one of the comput- 
ers. You log on to the computer hy using the local Administrator account. After con- 
figuring the applications, and customizing the desktop settings, you run Setup Manager 
and create the Sysprep.inf file. You copy Sysprep.exe and Setupcl.exe to the \Sysprep 
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folder. You run both Sysprep.exe and your third party disk imaging software. You 
then copy the image to several test computers and restart them. Some of the computers 
do not start. Some of the desktop settings are different that the original computer. 
What should you do? (Choose two) 

A: Copy the Administrator profile to the Default User profile. Grant permissions to the 

Everyone group to use the profile. 

Include the -pnp parameter for the Sysprep.exe when you rerun that utility. 

200. You are upgrading Windows NT Workstation computers to Windows 2000 Profes- 
sional. You create an Unattend.txt file and copy the file to a floppy disk. You start the 
installation on a test computer by using the Windows 2000 Professional CD-ROM. You 
insert the floppy disk after the computer starts. You had set the user interaction level 
to full unattended mode, but you are still prompted for parameters. What should you 
do? 

A: Rename Unattend.txt on the floppy to Winnt.sif. 

201. Users have attached USB devices and have installed device drivers that were not 
supported by Windows 2000 Professional. You want to configure the computers to in- 
stall device drivers only for devices that are included on the current HCL. Which op- 
tion should you enable in the Driver signing Options dialog box? 

A: Block - Prevent installation of unsigned files. 

202. You install an updated driver for the Zip drive in your Windows 2000 Professional 
computer. The computer stops responding. You restart in safe mode. The computer 
stops responding again. What should you do? (Choose three) 

A: Use the disable command to disable the Zip device driver. 

Select Recovery Console from the Repair menu. 

Start the computer by using the Windows 2000 CD-ROM. 

203. You are configuring your Windows 2000 Professional portable computer to use a 
dial-up connection to connect to a Routing and Remote Access server. Your computer 
has a smart card, and has the appropriate drivers installed. You use MMC to request a 
new certificate. What options should you enable in the Advanced Security Settings 
dialog box? (Choose all that apply) 

A: Use Extensible Authentication Protocol. 

204. You install 25 new Windows 2000 computers. Three weeks later the users indicate 
that 5 of the computer have stopped responding. You find that users have install USB 
devices that use drivers that are not Windows 2000 compliant. You want to prevent 
this from happening again. What would you do? 
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A: Configure computers to enable driver signing verification. 

205. You want your Win 2000 computers to support 2 monitors. The computer is cur- 
rently using 16-bit color, 1024 x 768 resolution and the optimal refresh rate. After you 
install the HCL compliant plug and play video adapters you notice that the secondary 
monitor has no image. What would you do? 

A: Rin Dxdiag.exe to configure adapters and configure the secondary adapter to use the op- 
timal refresh rate. 

206. You want to install Windows 2000 and a service pack on 100 new computers on 
your network. What would be easiest? 

A: Install Win 2000 from the Network Share 

Add the service pack files to a second Network Share 
Then install the service pack 

207. You have a Windows NT 4.0 Domain which has 35 Windows 2000 Professional 
computers. The network is divided into 5 TCP/IP subnets. You are going to install 10 
more Windows 2000 and you want them to be able to resolve NetBIOS names to 
TCP/IP addresses. What would you do? 

A: Install a WINS server and configure each computer to use WINS. 

208. You are installing a Windows 2000 computer named COMP2 to your network. You 
have a single TCP/IP domain named HOME. You want COMP2 to be a member of the 
HOME domain and be able to access resources on SERVERl. What would you do? 

A: Create an account for COMP2 in the HOME domain. 

Configure COMP2 to have and IP addressing of 10.10.20.78 and a default gateway of 
10.10.20.1 

209. You install Windows 2000 Pro on a computer named COMP2. Afterwards you are 
unable to connect to a web server on the Internet using it’s URL. However, you can 
connect using the server’s IP address. You want to enable COMP2 to connect to the 
web server by using the URL. What would you do? 

A: Configure COMP2 to use a DNS server. 

210. You install Windows 2000 on a computer that has a non-plug and play video 
adapter. You want the video adapter to use 16-bit color and 1024 x 768 resolution. The 
color settings are set at 16 colors and you cannot change these settings. What would 
you do? 

A: Install the WDM-compliant video adapter and monitor drivers. 
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211. You want to install Windows 2000 Pro on 10 non-PXE-compliant computers on 
your network. These computers currently have no operating system installed. You at- 
tempt to load the computers using an existing RIS image that is on the RIS server. 
However, these computers cannot connect to the RIS server. You notice that the server 
computer running WINS has stopped responding due to disk failure. How would you 
solve this problem? 

A: Configure the Active Directory Server to run DHCP. 

Create and use the RIS boot disk 

212. You want to install Windows 2000 Pro on 10 non-PXE-compliant computers on 
your network to the Accounting segment. You attempt to load one of the computers 
using an existing RIS hoot disk. However, you cannot connect to the RIS server. The 
router does not support BOOTP, so existing computers use manually configured IP ad- 
dresses. How would enable the computers to connect to the RIS server? 

A: Move the Windows 2000 Server running AD to the Accounting segment. 
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